When users have been installing Sennheiser’s HeadSetup software, little did they know that they were also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate’s private key that was not as secure as they thought. […]

from https://www.bleepingcomputer.com/news/security/sennheiser-headset-software-could-allow-man-in-the-middle-ssl-attacks/