HackDig : Dig high-quality web security articles for hacker

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:1453 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

Dell Provides Instructions on How to Remove eDellRoot Certificate Authority

Dell Inc., a computer technology company, has provided instructions to customers on how they can remove a recently discovered root Certificate Authority (CA) from their laptops and PCs.On Monday, a Reddit user by the name of rotorcowboy posted a thread in which they explained how they had discovered a self-signed root CA called “eDellRoot” while
Publish At:2015-11-26 09:40 | Read:1619 | Comments:0 | Tags:Latest Security News certificate Dell eDellRoot Joe Nord MIT

Dyre Spreading Using Code-Signing Certificates, HTTPS

ThreatTrack Security Labs researchers have confirmed the credential-stealing Trojan Dyre  is using a new dropper — and a valid digital certificate — to carry out its dirty work over HTTPS connections. The Ruckguv downloader works by injecting a dll into an instance of Windows Service Host (svchost.exe). Windows Service Host then uses HTTPS to download Dyreza
Publish At:2015-04-22 05:50 | Read:1778 | Comments:0 | Tags:Featured ThreatTrack Security Labs certificate Dyre https ru

Google warns of unauthorized TLS certificates trusted by almost all OSes

In the latest security lapse involving the Internet's widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well.The bogus transport layer security certificates are trusted by all major operating systems and brow
Publish At:2015-03-23 21:45 | Read:2067 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab certificate en

Bogus SSL certificate for Windows Live could allow man-in-the-middle hacks

Microsoft is scrambling to block a fraudulent HTTPS certificate that was issued for one of the company's Windows Live Web addresses lest it be used by attackers to mount convincing man-in-the-middle attacks.The phony Transport Layer Security/Secure Sockets Layer certificate was issued for live.fi and www.live.fi, which are addresses Microsoft reserves fo
Publish At:2015-03-17 05:45 | Read:1255 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab certificate cr

SSL; More than Encryption

While doing an online search for “SSL Certificates” and one of the ads said “$4.99, Why Pay More?”  Without clicking on the ad I know what they are going to offer me; a simple domain validated (DV) SSL certificate.  This certificate will encrypt my site’s traffic at a basic level but this isn’t 1997; the business climate and threat land
Publish At:2014-12-03 23:40 | Read:1535 | Comments:0 | Tags:Security Website Security Solutions Website Security Solutio

Not quite the average exploit kit: Zuponcic

A couple of weeks ago at the FOX-IT SOC, we noticed Zuponcic attempting to infect one of our clients protected networks. The incident was caused by a person visiting the website of Suriname’s Ministry of Finance, minfin.sr. This post connects three recent developments in the realm of malware infections: .htaccess server compromise, the Zuponcic exploit
Publish At:2014-08-15 08:52 | Read:2314 | Comments:0 | Tags:Blog Uncategorized certificate exploit exploitkit htaccess j

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud