Security News > 2016 > May > Faulty TLS implementation opens VISA sites, users to attack (Help Net Security)
2016-05-27 20:00
A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these servers belong to the credit card company VISA, the Polish banking association ZBP, and the German stock exchange. They are vulnerable to these attacks because they used a duplicate cryptographic nonce with the AES-GCM cipher during the TLS handshake between the browser and the HTTPS-protected sites. This means … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/gt1O3KH1jHk/
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)