
5 matches found

UbuntuCve
added 2023/05/29 7:15 p.m., 21 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command, a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7 CVSS, 5.9 AI score, 0.00465 EPSS
Exploits 1, References 3

Apple
added 2022/09/12 12:0 a.m., 60 views

About the security content of iOS 16

This document describes the security content of iOS 16. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...

9.8 CVSS, 9.4 AI score, 0.03139 EPSS
Exploits 4, References 1, Affected Software 1

RedHat Linux
added 2021/10/13 10:5 a.m., 3 views

Mozilla: Downgrade attack on SMTP STARTTLS connections

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9 CVSS, 7.5 AI score, 0.00461 EPSS
Exploits 0, References 4

Krebs on Security
added 2018/04/05 3:50 p.m., 79 views

Secret Service Warns of Chip Card Scheme

The U.S. Secret Service is warning financial institutions about a new scam involving the temporary theft of chip-based debit cards issued to large corporations. In this scheme, the fraudsters intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. When...

6.9 AI score
Exploits 0

The Hacker News
added 2014/02/10 12:57 a.m., 11 views

LinkedIn shutting down its security-plagued INTRO app in Early March

Last October, the social network 'LinkedIn' launched a controversial smartphone app called 'Intro' that intercepts and routes all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android, as well as iOS devices. Why...

6.5 AI score
Exploits 0