Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to infected sites were informed that some kind of security certifica

byDanny BradburyLast week was a big one for non-profit digital certificate project Let’s Encrypt – it issued its billionth certificate. It’s a symbolic milestone that shows how important this free certificate service has become to web users.Publicly announced in November 2014, Let’s Encrypt offers TLS certificates for free. These cert

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa

Experts at Google and CWI conducted the first real world collision attack against popular SHA-1 hashing algorithm, so called shattered-attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real world collision attack against popular SHA-1 hashing algorithm. The researchers created two

Google hacker Tavis Ormandy discovered a serious flaw that affects the Kaspersky antivirus software and the way it manages inspection digital certificates. Experts from Kaspersky are solving a problem that disabled certificate validation for 400 million users. The problem was spotted by the notorious Google hacker Tavis Ormandy, the vulnerability affects the

Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA -1 certificates in order to subvert deprecating certs from being trusted. According to a

It has happened again, Mac users who were looking for the BitTorrent client Transmission might have been infected by the OSX/Keydnap malware. Security experts from ESET have spotted the popular BitTorrent client called Transmission distributing Mac malware called OSX/Keydnap that is used to steal the content of OS X’s keychain and maintain a permanent backdo

Shad0w Security (Shad0wS3C) claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates. Shad0w Security claimed responsibility for the data breach of the EJBCA – Open Source PKI Certificate Authority . Shad0w Security recently breached into a Switzerland Branch of EJBCA – Open Source PKI

Experts discovered that the Controversial Surveillance firm Blue Coar was granted a powerful encryption certificate that can be used for web monitoring. Once again we are here speaking about surveillance, security experts have discovered that the controversial firm Blue Coat Systems was granted  powerful encryption digital certificates. Blue Coat sells web-m

WordPress announces “HTTPS Everywhere, Encryption for All WordPress.com Sites,” millions websites will be secured without users’ effort. WordPress is pushing free default SSL for all the website running the popular CMS and hosted on WordPress.com, that means over 26% of websites based on the most popular CMSs on the web will be secured (Sta

The Electronic Frontier Foundation announced that the Let’s Encrypt Certificate Authority issued its millionth certificate. The open Certificate Authority (CA) Let’s Encrypt seems to be a success, the EFF is reaching its goals with the creation of this new certificate authority run by Internet Security Research Group (ISRG). IT giants like Mozilla, Cis

During the latter part of 2015, Kaspersky researchers from GReAT (Global Research and Analysis Team) got hold of the missing pieces of an intricate puzzle that points to the dawn of the first Portuguese-speaking targeted attack group, named “Poseidon.” The group’s campaigns appear to have been active since at least 2005, while the very fir

Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet anothe

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, despite they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentiv