A fundamental fault in the SSL handshake could allow hackers to subvert MacOS and iOS devices and recruit them into a DDoS attack.
Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.
The Certificate Authority (CA) model is broken and the value of certificates is being chipped away, resulting in a lack of trust, says Kevin Bocek, adding that this might lead users and even the major browsers to begin to rank CAs.
Let's Encrypt, an initiative of the Internet Security Research Group, has opened its free-of-charge digital certificate store to all.
Windows Defender has come to the rescue, giving users the ability to detect and remove the vulnerable Dell certificates from the certificate root store, as well as the affected binaries that might re-install them.
Mozilla has stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month demonstrated the algorithm could be broken in as little as three months.
Close to 1 million websites are at risk from fraudsters because they continue to place their trust in security certificates using the vulnerable SHA-1 hashing algorithm.
Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.
Certificate and key errors are costing businesses dearly and undermining the global economy, according to a Ponemon/Venafi report.
ICYMI: hospital in email breach; crashing Chrome; Symantec purges; ICO more free; Apple apps snapped
September 25, 2015
In this week's In Case You Missed It (ICYMI): NHS hospital email breached; crash Google Chrome in 16 chars; Symantec dismisses staff over certs; ICO moved from MOJ to Culture; Apple apps infected with malware.
A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.
While acknowledging threats from digital certificates, many security professionals are failing to get to grips with the problem, claims Venafi in a new report.
CESG, the information arm of GCHQ, was forced to take down its HTTPS website earlier this week after the organisation's SSL digital certificate was revoked.
Google has reacted quickly to a suspected security breach last week by refusing to recognise certificates from Chinese authority CNNIC.
A lack of control over cryptographic keys and certificates could leave large UK businesses open to attack.
It was five months before the intrusion at Bit9 was detected.
Businesses do not get the concept of certificate management and there is a lack of trust between users, according to Venafi.
Whitelisting technology vendor Bit9 was hacked at the end of Friday, with hackers accessing its code-signing certificates and enabling them to digitally sign malware to appear as legitimate files.
Details of the hack that led to man-in-the-middle attacks on hundreds of thousands of Iranians' Google accounts and ultimately the liquidation of certificate authority DigiNotar have been released by the Dutch government.