Security News

qBittorrent fixes flaw exposing users to MitM attacks for 14 years
2024-10-31 15:11

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout...

RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks
2024-07-09 12:39

Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle attacks and bypass integrity checks under certain circumstances. "The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge Networks CEO Alan DeKok, who is the creator of the FreeRADIUS Project, said in a statement.

MiTM phishing attack can let attackers unlock and steal a Tesla
2024-03-07 17:07

Researchers demonstrated how they could conduct a Man-in-the-Middle phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

AI algorithm detects MitM attacks on unmanned military vehicles
2023-10-14 15:14

Professors at the University of South Australia and Charles Sturt University have developed an algorithm to detect and intercept man-in-the-middle attacks on unmanned military robots. MitM attacks are a type of cyberattack where the data traffic between two parties, in this case, the robot and its legitimate controllers, is intercepted either to eavesdrop or to inject false data in the stream.

Ransomware tales: The MitM attack that really had a Man in the Middle
2023-05-24 19:59

The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline. These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term "Man", but also because many, if not most, MitM attacks these days are performed by machines.

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks
2022-09-28 15:05

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service or man-in-the-middle attacks against network targets using custom-crafted packets. Stacked VLANs, also known as VLAN Stacking, is a feature in modern routers and switches that allows companies to encapsulate multiple VLAN IDs into a single VLAN connection shared with an upstream provider.

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering
2022-08-22 09:19

Researchers have disclosed multiple vulnerabilities impacting Ultra-wideband Real-time Locating Systems, enabling threat actors to launch adversary-in-the-middle attacks and tamper with location data. "If a threat actor exploits these vulnerabilities, they have the ability to tamper with safety zones designated by RTLS to protect workers in hazardous areas."

RTLS systems vulnerable to MiTM attacks, location manipulation
2022-08-16 20:10

Security researchers have uncovered multiple vulnerabilities impacting UWB RTLS, enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. Nozomi analysts focused on the Sewio Indoor Tracking RTLS UWB Wi-Fi kit and Avalue Renity Artemis Enterprise kit, two widely used RTLS solutions that support the safety functionalities described above.

Office 365 boosts email security against MITM, downgrade attacks
2022-02-02 19:24

Microsoft has added SMTP MTA Strict Transport Security support to Exchange Online to ensure Office 365 customers' email communication integrity and security. This new standard strengthens Exchange Online email security and solves several SMTP security problems, including expired TLS certificates, the lack of support for secure protocols, and certificates not issued by trusted third parties or matching server domain names.

Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild
2021-11-17 23:23

The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, who have demonstrated a new fingerprinting technique that makes it possible to identify MitM phishing kits in the wild by leveraging their intrinsic network-level properties, effectively automating the discovery and analysis of phishing websites. Dubbed "PHOCA" - named after the Latin word for "Seals" - the tool not only facilitates the discovery of previously unseen MitM phishing toolkits, but also be used to detect and isolate malicious requests coming from such servers.