MITM | Cyber Security Review

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

Posted onDecember 21, 2020December 24, 2020

On Dec. 4, 2020, the Kubernetes Product Security Committee disclosed a new Kubernetes vulnerability assigned CVE-2020-8554. It is a medium severity issue affecting all Kubernetes versions and is currently unpatched. CVE-2020-8554 is a design flaw that allows Kubernetes Services to Read More …

‘Ultimate’ MiTM Attack Steals $1M from Israeli Startup

Posted onDecember 5, 2019December 6, 2019

Hackers pulled off an elaborate man-in-the-middle campaign to rip off an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business. New research by Check Point Software details how the security vendor uncovered the wire-transfer Read More …

Hotel front desks are now a hotbed for hackers

Posted onNovember 28, 2019December 2, 2019

It seems that any possible way cybercriminals can exploit the hospitality industry, they will. Hotels, restaurant chains, and related tourism services have been subject to a range of techniques when it comes to cybercrime; the compromise of Point-of-Sale (PoS) terminals Read More …

Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems

Posted onJanuary 22, 2019January 24, 2019

Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today Read More …

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

Posted onDecember 13, 2017December 17, 2017

A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The Read More …

Banking Apps Found Vulnerable to MITM Attacks

Posted onDecember 7, 2017December 12, 2017

Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Read More …

Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates

Posted onMarch 27, 2017July 14, 2018

A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL certificates. The flaw, discovered by Chris Byrne, an information security consultant and instructor for Cloud Harmonics, Read More …