Microsoft email users are under attack from a new phishing campaign. The campaign uses the adversary-in-the-middle (AiTM) technique to even bypass multi-factor authentication (MFA) protection.
Man in the middle RSS
The Linux kernel developers have switched links in the documentation over to HTTPS. The move aims to prevent man-in-the-middle attacks against kernel developers, luckily no such attacks have occurred.
Mozilla and Google have taken measures to invalidate a root CA certificate from being used by the Kazakh government in Firefox and Chrome to intercept users' secure HTTPS connections to websites.
A group of scammers from Nigeria infected themselves with malware, which led to the revelation of how their crime works, and how they manage to steal money from businesses worldwide.
Google researcher Tavis Ormandy also discovered that the extension "force-installed" JavaScript APIs, hijacking search settings and potentially exposing users to man-in-the-middle attacks.
Microsoft has announced a new policy regarding adware to protect users from man-in-the-middle attacks, and developers will need to ensure that their software is compliant before March 31, 2016.
Comcast has begun using dubious methods to alert users that it is infringing copyright. The method being used is called a man-in-the-middle attack usually employed by hackers to steal data.
SSL certificates exist to increase security and prevent snooping on your browsing sessions. Gogo believes you shouldn't have that and appears to be intentionally performing MITM attacks on its users.
Another newly discovered bug in OpenSSL opens up the potential for an attacker to read and steal your information without you being able to detect it, but it's still nowhere near as bad as Heartbleed.