HackDig : Dig high-quality web security articles for hackers

xboxlive digital certificate exposed opens users to MITM attacks

Microsoft has issued an advisory to notify customers that the private keys for an SSL/TLS digital certificate for *xboxlive.com have been disclosed. According to a security advisory published by Microsoft, the company is propagating a new certificate for the *.xboxlive.com domain because it has “inadvertently disclosed” the ce
Publish At:2015-12-10 01:00 | Read:4008 | Comments:0 | Tags:Digital ID Security Breaking News Hacking PKI Digital Certif

Dell puts users at risk with dangerous eDellRoot root certificate

Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate dubbed eDellRoot that opens users to a number of cyber attacks. Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate that opens users to a number of cyber attacks. Hackers could exploit it to compromise th
Publish At:2015-11-24 23:20 | Read:4855 | Comments:0 | Tags:Breaking News Malware Security Dell Digital Certificate eDel

Experts discovered the attack platform used by the Winnti Group

Experts at Kaspersky have discovered that Winnti Group has enhanced its attack platform infecting organizations in South Korea, UK and Russia. In 2013, security experts at Kaspersky Lab uncovered a cyber espionage that targeted the gaming industry with a malware signed with a valid digital certificate. The threat actor behind
Publish At:2015-10-07 15:10 | Read:3359 | Comments:0 | Tags:Breaking News Cyber Crime Hacking cyber espionage Cybercrime

OpenSSL CVE-2015-1793: Separating Fact from Hype

A vulnerability that allows attackers to create their malicious certificates without depending on any external and trustworthy CAs was fixed in the newest version of the open-source software OpenSSL released July 9. Identified as CVE-2015-1793 (Alternative Chains certificate forgery) and rated with “high severity”, the vulnerability allows attack
Publish At:2015-07-16 23:05 | Read:4810 | Comments:0 | Tags:Vulnerabilities digital certificate HTTPS OpenSSL SSL vulner

The Winnti hacking crew is now targeting pharmaceutical and telecoms companies

Security experts at Kaspersky collected evidence that the Winniti APT is moving beyond the gaming industry targeting telecoms and big pharma companies. My most passionate readers, will remember for sure the Winnti group, a Chinese APT discovered by Kaspersky Lab in 2013 that targeted companies in the gaming industry. According
Publish At:2015-06-25 23:50 | Read:3816 | Comments:0 | Tags:Breaking News Cyber Crime Malware Security APT Axiom group c

Authors of Duqu 2.0 used a stolen digital certificate in attacks

Malware authors behind the Duqu 2.0 used a stolen certificate from the Foxconn company to implement a persistence mechanism and stay stealthy. New details emerge from the investigation conducted by the experts at Kaspersky on the Duqu 2.0 malware that targeted the systems of the company, the threat actors used valid certificat
Publish At:2015-06-16 17:15 | Read:3369 | Comments:0 | Tags:Breaking News Cyber warfare Malware APT cyber espionage Digi

Google Internet Authority G2 has become untrusted due to an expired certificate

Gmail and Google Apps have noticed on Saturday that the Google Internet Authority G2 has become untrusted due to an expired digital certificate. On Saturday April 4, the Google Internet Certificate Authority G2 has become untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is
Publish At:2015-04-05 18:20 | Read:5270 | Comments:0 | Tags:Breaking News Digital ID Security Digital Certificate Google

Chinese CA issued bogus digital certificates for Google domains

Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate author
Publish At:2015-03-26 02:05 | Read:4142 | Comments:0 | Tags:Breaking News Digital ID Security CA CNNIC Digital Certifica

Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL Labs u
Publish At:2015-03-22 01:40 | Read:3809 | Comments:0 | Tags:Breaking News Security Digital Certificate PKI Qualys SSL SS

Superfish adware in the Lenovo laptops is a threat to the users

The presence of the Superfish software in Lenovo laptops exposes the users to serious risks of hacking. The researcher Graham explained the reason. The news of the presence of Superfish adware in the laptops sold by the Chinese Lenovo has shocked the IT industry. The company has intentionally pre-installed a malware on laptops
Publish At:2015-02-20 06:00 | Read:3190 | Comments:0 | Tags:Hacking Malware adware Digital Certificate Factory pre-insta

Chinese Government runs a MITM attack against Microsoft Outlook

GreatFire revealed that the popular Microsoft Outlook emailing service was subjected to a man-in-the-middle (MITM) attack in China. This time the popular Outlook email service was allegedly hacked by Chinese authorities. The Outlook email service was not reachable in China over the weekend and according the to experts at the G
Publish At:2015-01-20 11:35 | Read:4648 | Comments:0 | Tags:Hacking Censorship China cyber espionage Cyberspace Administ

Hackers leak scripts, celebrity phones and aliases at Sony Pictures Entertainment

GOP released a new archive of Sony Pictures Entertainment confidential data including private information of employees, celebrity phone numbers, film scripts and many more. The Sony Pictures data breach is becoming a never ending history, the GOP is leaking company data and much more since the attack while security firms are p
Publish At:2014-12-11 00:45 | Read:4571 | Comments:0 | Tags:Cyber Crime Security Cybercrime data breach data leakage Des

Stolen Sony certificates used to digitally sign Destover Malware

Security experts at Kaspersky Lab have detected a strain of Destover Malware that has been digitally signed with the certificates stolen during Sony attack. Security experts have detected a new strain of the Destover malware that was used in the recent Sony Pictures Entertainment breaches characterized by a singular feature, t
Publish At:2014-12-10 11:15 | Read:3998 | Comments:0 | Tags:Cyber Crime Malware Cybercrime Destover Digital Certificate

“DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs

Researchers have uncovered a seven-year-old malware operation that combines advanced cryptographic attacks, zero-day exploits, and well-developed keyloggers to target elite executives staying in luxury hotels during business trips.The attackers behind "DarkHotel," as the advanced persistent threat has been dubbed, appear to know in advance when a targeted
Publish At:2014-11-11 01:00 | Read:3431 | Comments:0 | Tags:Law & Disorder Risk Assessment advanced persistent threat AP

Chinese Government Executes MITM Attack against iCloud

Apple iCloud users in China are not safe from the hackers — believed to be working for Chinese government — who are trying to wiretap Apple customers in the country. Great Fire, a reputed non-profit organization that monitors Internet censorship in China, claimed that the Chinese authorities have launched a nationwide Man in the Middle (MITM) cam
Publish At:2014-10-21 10:00 | Read:4944 | Comments:0 | Tags:Apple ios hacking digital Certificate hacking Apple iCloud h

Tools