Certificates

SSL handshake weakness leaves MacOS, iOS devices open to MitM attacks

A fundamental fault in the SSL handshake could allow hackers to subvert MacOS and iOS devices and recruit them into a DDoS attack.

Retefe banking Trojan now targeting UK banking customers

Avast Security is reporting that the Retefe banking Trojan is now targeting UK banking customers by redirecting them to fake banking websites.

The new security landscape: more encryption, more problems

The Certificate Authority (CA) model is broken and the value of certificates is being chipped away, resulting in a lack of trust, says Kevin Bocek, adding that this might lead users and even the major browsers to begin to rank CAs.

Let's Encrypt says get your free digital security certificates here

Let's Encrypt, an initiative of the Internet Security Research Group, has opened its free-of-charge digital certificate store to all.

Win32/CompromisedCert.D is now certifiably Dell-stroyed

Windows Defender has come to the rescue giving users the ability to detect and remove the vulnerable Dell certificates from the certificate root store, as well as the affected binaries that might re-install it.

Mozilla may reject SHA-1 certificates six months early

Mozilla has stepped up pressure on enterprise companies that continue to use SHA-1 certificates after research last month demonstrated the algorithm could be broken in as little as three months.

Nearly 1m sites at risk because they use 'insecure' SHA-1 encryption

Close to 1 million websites are at risk from fraudsters because they continue to place their trust in security certificates using the vulnerable SHA-1 hashing algorithm.

Fraudsters exploit weak SSL certificate security to set up hundreds of phishing sites

Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.

Unprotected keys and certificates losing customers for businesses

Certificate and key errors are costing businesses dearly and undermining the global economy, according to a Ponemon/Venafi report.

ICYMI: hospital in email breach; crashing Chrome; Symantec purges; ICO more free; Apple apps snapped

In this week's In Case You Missed It (ICYMI): NHS hospital email breached; crash Google Chrome in 16 chars; Symantec dismisses staff over certs; ICO moved from MOJ to Culture; Apple apps infected with malware.

Leaked D-Link security key allows hackers to disguise malware as legit

A leak of a major technology company's security key has been discovered, allowing hackers to convince Windows that their malware is legit.

Security pros failing to check rampant misuse of digital certificates

While acknowledging threats from digital certificates, many security professionals are failing to get to grips with the problem, claims Venafi in a new report.

CESG forced to pull HTTPS website as SSL certificate gets revoked

CESG, the information arm of GCHQ, was forced to take down its HTTPS website earlier this week after the organisation's SSL digital certificate was revoked.

Google refuses to accept Chinese internet certificates

Google has reacted quickly to a suspected security breach last week by refusing to recognise certificates from Chinese authority CNNIC.

Key and certificate challenges could end up costing UK businesses £247 million

A lack of control over cryptographic keys and certificates could leave large UK businesses open to attack.

Bit9 attack took place five months before detection, company suspects larger campaign

It was five months before the intrusion at Bit9 was detected.

Attacks on businesses could cost £260 million due to certificate and key issues

Businesses do not get the concept of certificate management and there is a lack of trust between users, according to Venafi.

Bit9 rocked by attackers who breach certificates and sign them as malware

Whitelisting technology vendor Bit9 was hacked at the end of Friday, with hackers accessing its code-signing certificates and enabling them to digitally sign malware to appear as legitimate files.

DigiNotar hack details revealed by Dutch government

Details of the hack that led to man-in-the-middle attacks on hundreds of thousands of Iranians' Google accounts and ultimately the liquidation of certificate authority DigiNotar have been released by the Dutch government.
