Lucene search

3262 matches found

myhack58
added 2015/03/17 12:0 a.m., 32 views

Android HTTPS MiTM hijacking vulnerability analysis - vulnerability warning - the black bar safety net

1. Android HTTPS MiTM hijacking vulnerability description. In cryptography and computer security, a man-in-the-middle attack (often abbreviated as MITM) is one in which the attacker establishes a separate connection with each end of the communication, an...

AI score: 0.3
Exploits: 0
Hacker One
added 2015/03/12 4:34 p.m., 21 views

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in an internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

AI score: 6.6
Exploits: 0
Check Point Advisories
added 2015/03/04 12:0 a.m., 5 views

OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)

A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications...

CVSS: 4.3, AI score: 0.9, EPSS: 0.91945
Exploits: 0
ThreatPost
added 2015/03/02 9:53 a.m., 5 views

Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox

Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essential...

AI score: 1.3
Exploits: 0, References: 3
ThreatPost
added 2015/02/27 11:17 a.m., 14 views

Video: Vitaly Kamluk on The Equation Group APT

Kaspersky Lab’s global research and analysis team uncovered what they claim is the most sophisticated advanced persistent threat group yet known. Known as the Equation Group, researchers led by GReAT director Costin Raiu say the threat actors have been operating for 15 years or more and are known...

AI score: 1
Exploits: 0, References: 3
Tenable Nessus
added 2015/02/26 12:0 a.m., 16 views

Siemens SIMATIC STEP 7 (TIA Portal) < 1300.100.2501.1 Multiple Vulnerabilities (SSA-315836)

Binary data scadasiemenstiamultiplevulnerabilitiesSSA-315836.nbin...

CVSS: 6.8, AI score: 6.9, EPSS: 0.00396
Exploits: 0, References: 4
ThreatPost
added 2015/02/23 2:53 p.m., 10 views

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...

AI score: 1.8
Exploits: 0, References: 4
CERT
added 2015/02/23 12:0 a.m., 39 views

Adtrustmedia PrivDog fails to validate SSL certificates

Overview: Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description: Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." Privdog installs a Man-in-the-Middle (MITM) proxy as we...

AI score: 7.2
Exploits: 0, References: 9
Check Point Advisories
added 2015/02/20 12:0 a.m., 0 views

SuperFish Adware Root Certificate

SuperFish Adware is software that uses an SSL man-in-the-middle (MitM) technique in order to intercept SSL sessions and inject its own content into the session. Successful exploitation might result in disclosure of confidential or private information passed over the SSL channel, or in such informati...

AI score: 1.5
Exploits: 0
ThreatPost
added 2015/02/19 1:7 p.m., 11 views

Lenovo Superfish Certificate Password Cracked

Lenovo laptop owners are at risk for man-in-the-middle attacks as a vulnerability disclosed in pre-installed Superfish adware went nuclear this morning. Researcher Rob Graham of Errata Security published a report in which he said he cracked the password protecting the digital certificate shipped...

AI score: 7.3
Exploits: 0, References: 2
ThreatPost
added 2015/02/03 1:12 p.m., 8 views

New Strain of Banking Trojan Targets Android, Steals SMS

A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds. Researchers at zScaler spotted the as yet unnamed Trojan circulating as 888.apk. Like many types of malware that came before it, at least for the moment, the...

Exploits: 0, References: 10
CNVD
added 2015/01/29 12:0 a.m., 1 views

D-Link DSL-2740R Web Interface Authentication Bypass Vulnerability

The D-Link DSL-2740R is a home wireless ADSL router. An authentication bypass vulnerability exists in the D-Link DSL-2740R web interface, which can be exploited by attackers to modify DNS settings, intercept sessions, or launch denial of service attacks...

AI score: 7
Exploits: 0, References: 1
seebug.org
added 2015/01/28 12:0 a.m., 50 views

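Chanzhi (蝉知) Enterprise Portal System v3.3 CSRF changes the administrator password

Brief description: Chanzhi (蝉知) Enterprise Portal System v3.3 CSRF changes the administrator password. Details: The latest version, v3.3, of the Chanzhi Enterprise Portal System has a CSRF vulnerability. Moreover, while testing I found that even after the password is changed, the administrator is not immediately required to log in again, so combined with my "boomerang" the administrator password can be changed without anyone noticing. Next, I will demonstrate the vulnerability in detail. Proof of vulnerability: 1. We enter the admin backend and find there is no option to add an administrator, so let's try changing the administrator password. Interestingly, we find that changing the administrator's password does not require verifying the original password. How dangerous! Then let's capture and intercept the request to see whether there is any token-style verification. 2. Intercept with burpsuite. My friends and I were all stunned, weren't we?? There is no verification, just two password...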

AI score: 7.1
Exploits: 0
Debian CVE
added 2015/01/27 11:0 a.m., 23 views

CVE-2014-9648

Removed by vendor...

CVSS: 4.3, AI score: 9.3, EPSS: 0.00583
Exploits: 0
CNVD
added 2015/01/14 12:0 a.m., 1 views

Adobe Flash Player and AIR Information Disclosure Vulnerability (CNVD-2015-00336)

Adobe Flash Player is a Flash file handling program. Adobe AIR is a cross-OS runtime library from Adobe. An information leakage vulnerability exists in Adobe Flash Player/AIR that could allow an attacker to construct malicious SWF files, trick users into parsing them, and intercept user keystrokes...

CVSS: 5, AI score: 6.6, EPSS: 0.03061
Exploits: 0, References: 1
Check Point Advisories
added 2015/01/07 12:0 a.m., 2 views

OpenSSL Ephemeral ECDH Cipher Suite Handshake Downgrade (CVE-2014-3572)

A vulnerability has been detected in the way OpenSSL handles TLS handshakes involving certain cipher suites. An attacker might leverage this vulnerability to impersonate a server and intercept secure communications...

CVSS: 5, AI score: 2.7, EPSS: 0.08845
Exploits: 0
The Hacker News
added 2015/01/06 1:2 a.m., 12 views

Gogo In-flight Internet issues Fake SSL Certificates to its own Customers

Gogo — one of the largest providers of in-flight Internet service — has been caught issuing fake SSL certificates, allowing the inflight broadband provider to launch man-in-the-middle (MITM) attacks on its own users, view passwords and other sensitive information. The news came to light when securi...

AI score: 6.3
Exploits: 0
myhack58
added 2014/12/21 12:0 a.m., 23 views

Global mobile security vulnerabilities “for the benefit of the” hack - vulnerability warning - the black bar safety net

German researchers said that security vulnerabilities in a system used by mobile phone operators worldwide could allow hackers to monitor mobile phone users' traffic on a large scale. This security issue relates to the standard Signaling System 7, or SS7. The system is...

AI score: 0.7
Exploits: 0
myhack58
added 2014/12/20 12:0 a.m., 29 views

Security vulnerabilities discovered in cellular communications networks allow others to monitor calls or intercept text messages - vulnerability warning - the black bar safety net

German researchers have discovered a security vulnerability in Signaling System Number 7 (SS7), which is widely used in cellular communication networks, potentially allowing spies, hackers and criminals to monitor private phone calls and intercept text messages on a large scale...

AI score: 1.1
Exploits: 0
The Hacker News
added 2014/12/19 2:36 a.m., 10 views

Hackers Can Read Your Private SMS and Listen to Phone Calls

Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lie...

AI score: 6.7
Exploits: 0