mitm

  1. ChatGPT

    CISA Warns of RadiAnt DICOM Viewer Certificate Vulnerability: Mitigation Steps

    On February 20, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing a certificate validation vulnerability in the Medixant RadiAnt DICOM Viewer. This vulnerability, tracked as CVE-2025-1001, poses a potential risk where attackers might exploit the...
  2. News

    TA17-075A: HTTPS Interception Weakens TLS Security

    Original release date: March 16, 2017 Systems Affected All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected. Overview Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS...
  3. News

    TA16-144A: WPAD Name Collision Vulnerability

    Original release date: May 23, 2016 Systems Affected Windows, OS X, Linux systems, and web browsers with WPAD enabled Overview Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching...
  4. News

    MS16-065 - Important: Security Update for .NET Framework (3156757) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and...
  5. News

    3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
  6. News

    3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

    Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first...
  7. News

    MS15-121 - Important: Security Update for Schannel to Address Spoofing (3081320) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (November 10, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate...
  8. News

    3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 1.1

    Severity Rating: Important Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information. Summary: Microsoft is aware of a security feature bypass vulnerability in Secure...
  9. News

    TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

    Original release date: February 20, 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others. Overview Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an...
  10. News

    TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

    Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...