HackDig : Dig high-quality web security articles for hackers

The strangest cybersecurity events of 2020: a look back

This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020’s news stories were the pressure-cooker product of mania, chaos, and the downright absurd. “Murder hornets” made the journey to the
Publish At:2020-12-31 15:24 | Read:252 | Comments:0 | Tags:Security world 2020 certificates coronavirus coronavirus ant

HP printer issue on Mac: What happened?

Apple holds the keys to nearly all recent Mac software. This is a story of those keys, and how a Hewlett Packard (HP) error caused problems for a lot of people. Code signing and certificates First, it’s important to understand that when I say “keys,” what I really mean is “certificates.” These certificates are similar to t
Publish At:2020-10-29 14:11 | Read:480 | Comments:0 | Tags:Malwarebytes news Apple certificates macOS

Expired Certificates Used as Disguise to Spread Buerak, Mokes Malware

Researchers observed digital attackers employing expired security certificates as a disguise to distribute the Buerak downloader and Mokes malware.Kaspersky Lab learned of a new attack method in which malicious actors leveraged infected websites to warn visitors of an expired security certificate. The Russian security firm traced the first instances of these
Publish At:2020-03-06 11:02 | Read:1017 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Buerak

Where is my (intermediate) TLS certificate?

When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made.A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but us
Publish At:2016-01-27 21:35 | Read:3655 | Comments:0 | Tags:Security certificates cryptography TLS

Microsoft Removes Trust for eDellroot Certificates

In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers.In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates
Publish At:2015-12-01 17:25 | Read:4626 | Comments:0 | Tags:Microsoft Privacy certificates CTLs Dell eDellroot root cert

Vonteera Adware Uses Certificates to Disable Anti-Malware

Vonteera is an adware family that has been around for years. They stand out from the rest because of their very intrusive changes to the affected systems, which is why you will see them classified as Trojan by some anti-malware solutions. Recently, they added a new trick to their arsenal: using system certificates to disable anti-malware and anti-virus softw
Publish At:2015-11-20 21:25 | Read:4732 | Comments:0 | Tags:Security Threat Anti-Malware antivirus certificates malware

First Let’s Encrypt Free Certificate Goes Live

Let’s Encrypt, a movement to issue free and automated HTTPS certificates, today hit a major milestone when its first cert went live.The desire to encrypt web-based services has accelerated projects such as Let’s Encrypt, which was announced last November, and promised by the close of this summer to get the ball rolling on making free certs easily
Publish At:2015-09-16 03:40 | Read:3500 | Comments:0 | Tags:Cryptography Privacy Web Security certificate authority cert

Certifi-Gate, a new Android flaw allows hackers to control your mobile

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them. Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently disco
Publish At:2015-08-10 12:15 | Read:4528 | Comments:0 | Tags:Breaking News Hacking Mobile Android Certifi-Gate certificat

CA Linked to Chinese Registrar Issued Unauthorized Google Certificates

Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain.Google’s engineers were able to bloc
Publish At:2015-03-24 01:00 | Read:3187 | Comments:0 | Tags:Uncategorized certificates Encryption google SSL Web securit

Microsoft Warns Fraudulent Certificate Could Lead to MiTM Attacks

Microsoft has blacklisted a phony SSL certificate that’s been making the rounds and is in the process of warning the general public that the certificate could be leveraged to stage man-in-the-middle attacks.In a security advisory published yesterday the company stressed that an improper certificate for the domain “live.fi” could also be use
Publish At:2015-03-18 01:00 | Read:3635 | Comments:0 | Tags:Microsoft Vulnerabilities CA certificates CTL HTTPS Man-in-t

Demystifying iOS Enterprise Certificates

For the past several months, the major threats to mobile security, especially within large enterprises have relied on exploiting one thing – iOS Enterprise Certificates. Wirelurker, one of the first significant malwares to affect non-jailbroken devices and Masque Attack, a family of vulnerability in iOS, one of which Wirelurker exploits proved a lethal
Publish At:2015-02-26 01:55 | Read:3892 | Comments:0 | Tags:Featured Articles Off Topic Apple Certificates iOS WireLurke

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's most recent Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.For those who like to keep their feature set behind the leading edge, yet stay on top of security fixes, there's also ESR 24.8 and ESR 31.1.ESR is short for Extended Support Release; these versions are squarel
Publish At:2014-09-03 17:10 | Read:4103 | Comments:0 | Tags:Featured Firefox Privacy Vulnerability 42 certificates forty


Tag Cloud