This year is finally coming to an end, and it only took us about eight consecutive months of March to get here. There is a ton to talk about, and that’s without even discussing the literal global pandemic. You see, 2020’s news stories were the pressure-cooker product of mania, chaos, and the downright absurd. “Murder hornets” made the journey to the

Apple holds the keys to nearly all recent Mac software. This is a story of those keys, and how a Hewlett Packard (HP) error caused problems for a lot of people. Code signing and certificates First, it’s important to understand that when I say “keys,” what I really mean is “certificates.” These certificates are similar to t

Researchers observed digital attackers employing expired security certificates as a disguise to distribute the Buerak downloader and Mokes malware.Kaspersky Lab learned of a new attack method in which malicious actors leveraged infected websites to warn visitors of an expired security certificate. The Russian security firm traced the first instances of these

When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made.A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but us

In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers.In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed trust for the Dell-issued unconstrained digital certificates

Vonteera is an adware family that has been around for years. They stand out from the rest because of their very intrusive changes to the affected systems, which is why you will see them classified as Trojan by some anti-malware solutions. Recently, they added a new trick to their arsenal: using system certificates to disable anti-malware and anti-virus softw

Let’s Encrypt, a movement to issue free and automated HTTPS certificates, today hit a major milestone when its first cert went live.The desire to encrypt web-based services has accelerated projects such as Let’s Encrypt, which was announced last November, and promised by the close of this summer to get the ball rolling on making free certs easily

Certifi-Gate is the name of a new vulnerability affecting Android mobile devices discovered by Check Point security that could be exploited to control them. Android users had a bad time after discovering the “Stagefright” vulnerability, but unfortunately other security issues are warning them. It was recently disco

Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain.Google’s engineers were able to bloc

Microsoft has blacklisted a phony SSL certificate that’s been making the rounds and is in the process of warning the general public that the certificate could be leveraged to stage man-in-the-middle attacks.In a security advisory published yesterday the company stressed that an improper certificate for the domain “live.fi” could also be use

For the past several months, the major threats to mobile security, especially within large enterprises have relied on exploiting one thing – iOS Enterprise Certificates. Wirelurker, one of the first significant malwares to affect non-jailbroken devices and Masque Attack, a family of vulnerability in iOS, one of which Wirelurker exploits proved a lethal

Yesterday was Firefox's most recent Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.For those who like to keep their feature set behind the leading edge, yet stay on top of security fixes, there's also ESR 24.8 and ESR 31.1.ESR is short for Extended Support Release; these versions are squarel