Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

The Kazakh government is forcing its citizens to install a spyware root certificate, allowing authorities to crack open TLS traffic, such as HTTPS.
The post Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again appeared first on Security … Continue reading Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0. Continue reading Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

New vulnerability lets hackers use your credit card without pin code

By Sudais Asif
The vulnerability was revealed in a report called “The EMV Standard: Break, Fix, Verify.” Every time we make a payment using credit/debit cards, the EMV communication protocol is used for processing payments. Having been deve… Continue reading New vulnerability lets hackers use your credit card without pin code

ASUS Home Router Bugs Open Consumers to Snooping Attacks

The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router. Continue reading ASUS Home Router Bugs Open Consumers to Snooping Attacks

Hackaday Links: July 12, 2020

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not …read more

Continue reading Hackaday Links: July 12, 2020

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets… Continue reading Detecting GnuTLS CVE-2020-13777 using Zeek

Multiple vulnerabilities discovered in smart home devices

ESET researchers found serious security vulnerabilities in three different home hubs: Fibaro Home Center Lite, HomeMatic Central Control Unit (CCU2) and eLAN-RF-003. Some of the flaws could be misused by an attacker to perform MitM attacks, eavesdrop o… Continue reading Multiple vulnerabilities discovered in smart home devices