Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

August 12, 2024 at 11:54AM

Vulnerabilities in Google’s Quick Share utility allowed man-in-the-middle attacks and unauthorized file transfers to Windows devices. SafeBreach discovered 10 vulnerabilities, prompting two CVEs, and detailed their findings at DEF CON 32. The flaws have been addressed, but the utility remains under scrutiny. A scheduled task vulnerability was also exploited. The …

New Blast-RADIUS attack bypasses widely-used RADIUS authentication

July 9, 2024 at 03:51PM

Blast-RADIUS is an authentication bypass in the RADIUS/UDP protocol, allowing attackers to breach networks via MD5 collision attacks. It affects numerous networked devices and poses a significant threat. The exploit manipulates server responses to gain admin privileges without brute force or credential theft. To defend against it, network operators should …

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

October 28, 2023 at 04:18AM

New findings reveal a covert attempt to intercept traffic from the instant messaging service jabber[.]ru, using servers in Germany. The attacker used Let’s Encrypt TLS certificates to hijack encrypted connections. The wiretapping is estimated to have lasted for six months, from April to October 2023. The investigation suggests a case …