SSL Stripping Attacks

Attack

SSL Attack

Stripping away the encryption offered by HTTPS, called SSL Strip, is a serious cyber threat to many corporations since their employees are constantly on the move and require access to Internet on-the-go even through open non-secure Wi-Fi hotspots. Once attackers gain access to a network, they can act as a Man-in-the-Middle (MITM) to intercept connections over the network.

Fragment Attack

Attack

Wifi Attack

In the last few years, major improvements have been made to the security of Wi-Fi. Most notably this includes the discovery and prevention of key reinstallation in WPA2, and the standardization of WPA3 which, among other things, prevents offline dictionary attacks.

SIM swap scam

Attack

SIM SPAM

A SIM swap scam (also known as port-out scam, SIM splitting, Smishing and simjacking, SIM swapping) is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

TDoS

Attack

VoIP DoS

Telephony denial of service (TDoS) is a type of denial of service (DoS) attack in which the attackers launch high volume of calls and keeping those calls active for as long as possible against the target network, preventing legitimate calls to come in.

Malformed URL Prefix Phishing Attacks

Attack

Phishing

Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said. Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit

The EMV Standard: Break, Fix, Verify

Attack

Credit Card

EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard’s advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV’s lengthy and complex specification, running over 2,000 pages.

Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards

Attack

Credit Card

Most EMV transactions require online authorization by the card issuer. Namely, the merchant’s payment terminal sends an authorization request to the card issuer over a payment network, typically operated by the company that brands the card such as Visa or Mastercard.