HackDig : Dig high-quality web security articles for hacker

Malware signed with stolen digital code-signing certificates continues to bypass security software

A group of researchers demonstrated that malware signed with stolen digital code-signing certificates continues to bypass security software. A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code-signing certificates are available for anyone to purchase on the dark web for up to $1,200. Digital cod
Publish At:2017-11-07 05:10 | Read:518 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Hacking Malware Digital c

Threat actors started scanning for SSH Keys on websites

Threat actors in the wild are mass-scanning websites for directories containing SSH private keys in order to hack them. SSH provides a secure way to connect to the servers hosting the websites; it allows administrators to get a terminal on them and enter commands. SSH authentication could rely on login credentials (username and password), or on a “key-based” approa
Publish At:2017-10-22 06:06 | Read:208 | Comments:0 | Tags:Breaking News Cyber Crime Hacking PKI SSH keys

Adobe accidentally leaked online its Private PGP Key

The Adobe product security incident response team (PSIRT) accidentally published a private PGP key on its blog; once it discovered the issue, it quickly revoked the key. On Friday, the Adobe PSIRT updated its Pretty Good Privacy (PGP) key and published the new public key on the blog post. The new key should have been valid until September 2018, but something strange
Publish At:2017-09-25 16:35 | Read:190 | Comments:0 | Tags:Breaking News Digital ID Hacking Adobe data leak PGP PGP key

SHAttered attack, Google and CWI conducted the first SHA-1 collision attack

Experts at Google and CWI conducted the first real-world collision attack against the popular SHA-1 hashing algorithm, the so-called SHAttered attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real-world collision attack against the popular SHA-1 hashing algorithm. The researchers created two
Publish At:2017-02-24 10:20 | Read:1067 | Comments:0 | Tags:Breaking News Hacking Collision Attack digest digital certif

Already on probation, Symantec issues more illegit HTTPS certificates

A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Publish At:2017-01-21 11:20 | Read:1372 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities PKI P

Kaspersky fixing a serious problem with inspection digital certificates

Google hacker Tavis Ormandy discovered a serious flaw that affects the Kaspersky antivirus software and the way it manages inspection digital certificates. Experts from Kaspersky are solving a problem that disabled certificate validation for 400 million users. The problem was spotted by the notorious Google hacker Tavis Ormandy; the vulnerability affects the
Publish At:2017-01-04 10:40 | Read:985 | Comments:0 | Tags:Breaking News Digital ID Hacking digital certificates Kasper

Mozilla plans to ban the Chinese CA WoSign due to trust violations

Mozilla is on the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is on the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA-1 certificates in order to subvert deprecating certs from being trusted. According to a
Publish At:2016-09-30 12:00 | Read:1037 | Comments:0 | Tags:Breaking News Digital ID Security Certification Authority di

Let’s Encrypt has already issued one Million certificates

The Electronic Frontier Foundation announced that the Let’s Encrypt Certificate Authority issued its millionth certificate. The open Certificate Authority (CA) Let’s Encrypt seems to be a success; the EFF is reaching its goals with the creation of this new certificate authority run by the Internet Security Research Group (ISRG). IT giants like Mozilla, Cis
Publish At:2016-03-09 11:05 | Read:1356 | Comments:0 | Tags:Breaking News Digital ID Security digital certificates EFF L

xboxlive digital certificate exposed opens users to MITM attacks

Microsoft has issued an advisory to notify customers that the private keys for an SSL/TLS digital certificate for *.xboxlive.com have been disclosed. According to a security advisory published by Microsoft, the company is propagating a new certificate for the *.xboxlive.com domain because it has “inadvertently disclosed” the ce
Publish At:2015-12-10 01:00 | Read:901 | Comments:0 | Tags:Digital ID Security Breaking News Hacking PKI Digital Certif

The US DoD still uses SHA-1 signed certificates for use by military agencies

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, even though they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentiv
Publish At:2015-10-28 22:20 | Read:1118 | Comments:0 | Tags:Breaking News Digital ID Hacking Security digital certificat

Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates: the news is shocking and refers to the adoption of SHA-1 certificates, even though the algorithm is no longer considered secure. Many big busi
Publish At:2015-10-22 04:20 | Read:878 | Comments:0 | Tags:Breaking News Digital ID Hacking Reports Security digital ce

Cost of Breaking SHA-1 decreases due to a new Collision Attack

A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. SHA-1 is still one of the most used cryptographic hash algorithms, but there is bad news for its supporters: a new collision attack lowers the cost of breaking it. The news is worrying, the cost and time necessa
Publish At:2015-10-10 15:10 | Read:1178 | Comments:0 | Tags:Breaking News Hacking Security digest digital certificates e

Code Signing certificates becoming popular cybercrime commodity

Learn what Certificates as a Service stands for, discover why Code Signing certificates are a precious commodity and find out how to protect yourself online. A recent phenomenon tracked by IBM Security X-Force researchers is CaaS (Certificates as a Service). Cybercriminals would use the Dark Web for selling high-grade code
Publish At:2015-10-09 21:10 | Read:979 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Certificates as a

D-Link firmware accidentally includes Code Signing Keys

The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware updates. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidentally published its private code signing keys inside its open sou
Publish At:2015-09-19 20:20 | Read:1151 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Code Signing keys D-Link D

Will Quantum Computers Threaten Modern Cryptography?

Modern cryptography, including elliptic curve cryptography, is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today’s cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum computin
Publish At:2015-09-15 08:55 | Read:1863 | Comments:0 | Tags:Cryptography Featured Articles Ashig JA cryptography PKI qua
