HackDig : Dig high-quality web security articles for hackers

IT threat evolution Q1 2020

Targeted attacks and malware campaigns. Operation AppleJeus: the sequel. In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t
Publish At:2020-05-24 07:11 | Read:814 | Comments:0 | Tags:Featured Malware reports Apple iOS Apple MacOS APT Data leak

Mokes and Buerak distributed under the guise of security certificates

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to infected sites were informed that some kind of security certifica
Publish At:2020-03-05 08:33 | Read:1106 | Comments:0 | Tags:Featured Incidents Backdoor Digital Certificates Trojan Vuln

Let’s Encrypt issues one billionth free certificate

By Danny Bradbury. Last week was a big one for non-profit digital certificate project Let’s Encrypt – it issued its billionth certificate. It’s a symbolic milestone that shows how important this free certificate service has become to web users. Publicly announced in November 2014, Let’s Encrypt offers TLS certificates for free. These cert
Publish At:2020-03-02 09:21 | Read:1190 | Comments:0 | Tags:Cryptography ACME Automated Certificate Management Environme

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:1882 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

SHAttered attack, Google and CWI conducted the first SHA-1 collision attack

Experts at Google and CWI conducted the first real-world collision attack against the popular SHA-1 hashing algorithm, the so-called SHAttered attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real-world collision attack against the popular SHA-1 hashing algorithm. The researchers created two
Publish At:2017-02-24 10:20 | Read:4383 | Comments:0 | Tags:Breaking News Hacking Collision Attack digest digital certif

Kaspersky fixing a serious problem with inspection digital certificates

Google hacker Tavis Ormandy discovered a serious flaw that affects the Kaspersky antivirus software and the way it manages inspection digital certificates. Experts from Kaspersky are solving a problem that disabled certificate validation for 400 million users. The problem was spotted by the notorious Google hacker Tavis Ormandy, the vulnerability affects the
Publish At:2017-01-04 10:40 | Read:4892 | Comments:0 | Tags:Breaking News Digital ID Hacking digital certificates Kasper

Mozilla plans to ban the Chinese CA WoSign due to trust violations

Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA-1 certificates in order to subvert deprecating certs from being trusted. According to a
Publish At:2016-09-30 12:00 | Read:4950 | Comments:0 | Tags:Breaking News Digital ID Security Certification Authority di

BitTorrent client Transmission found distributing Mac malware once again

It has happened again, Mac users who were looking for the BitTorrent client Transmission might have been infected by the OSX/Keydnap malware. Security experts from ESET have spotted the popular BitTorrent client called Transmission distributing Mac malware called OSX/Keydnap that is used to steal the content of OS X’s keychain and maintain a permanent backdo
Publish At:2016-09-02 08:10 | Read:4837 | Comments:0 | Tags:Breaking News Cyber Crime Malware Apple BitTorrent BitTorren

Shad0wS3C claimed responsibility for the EJBCA data breach

Shad0w Security (Shad0wS3C) claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates. Shad0w Security claimed responsibility for the data breach of the EJBCA – Open Source PKI Certificate Authority. Shad0w Security recently breached a Switzerland branch of EJBCA – Open Source PKI
Publish At:2016-07-27 18:30 | Read:3775 | Comments:0 | Tags:Breaking News Cyber Crime Hacking digital certificates EJBCA

Why surveillance firm Blue Coat was granted a powerful encryption certificate?

Experts discovered that the controversial surveillance firm Blue Coat was granted a powerful encryption certificate that can be used for web monitoring. Once again we are here speaking about surveillance: security experts have discovered that the controversial firm Blue Coat Systems was granted powerful encryption digital certificates. Blue Coat sells web-m
Publish At:2016-05-29 08:20 | Read:4067 | Comments:0 | Tags:Breaking News Hacking Intelligence Blue Coat digital certifi

WordPress pushes Free HTTPS Encryption for all its blogs

WordPress announces “HTTPS Everywhere, Encryption for All WordPress.com Sites”; millions of websites will be secured without users’ effort. WordPress is pushing free default SSL for all the websites running the popular CMS and hosted on WordPress.com, which means over 26% of websites based on the most popular CMSs on the web will be secured (Sta
Publish At:2016-04-11 18:30 | Read:5225 | Comments:0 | Tags:Breaking News Security digital certificates encryption HTTPS

Let’s Encrypt has already issued one Million certificates

The Electronic Frontier Foundation announced that the Let’s Encrypt Certificate Authority issued its millionth certificate. The open Certificate Authority (CA) Let’s Encrypt seems to be a success, the EFF is reaching its goals with the creation of this new certificate authority run by Internet Security Research Group (ISRG). IT giants like Mozilla, Cis
Publish At:2016-03-09 11:05 | Read:6091 | Comments:0 | Tags:Breaking News Digital ID Security digital certificates EFF L

Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

During the latter part of 2015, Kaspersky researchers from GReAT (Global Research and Analysis Team) got hold of the missing pieces of an intricate puzzle that points to the dawn of the first Portuguese-speaking targeted attack group, named “Poseidon.” The group’s campaigns appear to have been active since at least 2005, while the very fir
Publish At:2016-02-09 18:25 | Read:5853 | Comments:0 | Tags:Blog Featured Research APT Brasil Brazil Cyber espionage Dig

Authors digitally signed Spymel Trojan to evade detection

Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet anothe
Publish At:2016-01-08 10:15 | Read:4737 | Comments:0 | Tags:Breaking News Cyber Crime Malware CaaS Certificates as a ser

The US DoD still uses SHA-1 signed certificates for use by military agencies

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, even though they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentiv
Publish At:2015-10-28 22:20 | Read:4745 | Comments:0 | Tags:Breaking News Digital ID Hacking Security digital certificat
