Security Alerts & News
by Tymoteusz A. Góral

#1314 FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle and more
Researcher Jerry Decime has revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products.

According to Decime, the flaw lies in how applications from several vendors handle HTTP/1.0 407 Proxy Authentication Required responses to their HTTP CONNECT requests.

This flaw manifests itself only in network environments where users utilize proxy connections to get online. This type of setup is often used in enterprise networks where companies deploy powerful firewalls.

Decime explains that an attacker who has a foothold in a compromised network and can listen to proxy traffic can sniff for HTTP CONNECT requests sent to the local proxy.
#1319 Google Chrome, Firefox address bar spoofing vulnerability
#1318 Sage data breach may impact hundreds of business customers
#1317 Privacy lawsuit over Gmail will move forward
#1316 Operation Ghoul: targeted attacks on industrial and engineering organizations
#1315 $2.5 million-a-year ransomware-as-a-service ring uncovered
#1314 FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle and more
#1313 Easy to carry out, difficult to fight against: Why ransomware is booming in 2016
#1312 LinkedIn sues 100 individuals for scraping user data from the site
#1311 Now data-stealing Marcher Android malware is posing as security update
#1310 VeraCrypt audit under way; email mystery cleared up