Certificate News, Articles and Updates

Cyber Security Certification Scheme launched by LDSC & Secured by Design

A pilot of the UK's first police-backed digital certification scheme has been launched the London Digital Security Centre (LDSC) in partnership with Secured by Design (SBD), the national police crime prevention initiative.

Symantec patches certificate spoofing flaw in Install Norton product

Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac.

ICYMI: Symantec cert fraud; FSB arrest; Lloyds DDoS; Salary survey; Scada vulnerabilities

In Case You Missed It: Symantec illegal certs; Kaspersky employee arrest; Lloyds DdoS, SC 2017 salary survey; GE Scada vulnerabilities

Google creates list of untrusted certificate authorities

Google has instituted a blacklist of untrustworthy certificates for use in the company's browser Chrome.

Drown attack could break TLS for third of websites

A new vulnerability could kill a certain kind of encryption for plenty of websites. An OpenSSL update has been rushed out to fix major flaw.

Encryption increasingly used to hide attacks, says new report

Dell's new threat report adds further evidence to support the observation that attackers are increasingly hiding activity within HTTPS.

Let's Encrypt certificates issued for malvertising campaign

The generosity of the free TSL certificate non-profit, Let's Encrypt, has been abused by malvertising cyber-criminals

Dell ships laptops pre-vulnerable to man-in-the-middle attacks

Dell reported that it has been shipping Inspiron 14 laptops since August that inadvertently contained the security certificate, eDellRoot, that essentially gives hackers complete access to the system.

Symantec purges employees after unauthorised use of Google SSL certificates

Symantec have fired several staff members after they created unauthorised and potentially malicious Google SSL certificates

Ashley Madison's source code reveals poor security practices

Security credentials hard coded into repositories could have helped hackers, according to research by security consultant Gabor Szathmari.

CESG forced to pull HTTPS website as SSL certificate gets revoked

CESG, the information arm of GCHQ, was forced to take down its HTTPS website earlier this week after the organisation's SSL digital certificate was revoked.

UK firms at risk from attacks on crypto keys, digital certificates

A joint study from Venafi and the Ponemon Institute reveals that digital keys and certificates are in peril, especially at UK organisations.

Vormetric launches new Vault certificate and key solution

Vormetric has launched a storage solution for the protection and management of digital certificates, encryption keys and password files.

Venafi: CAs are not wholly to blame for certificate-based attacks

Attacks within the certificate infrastructure are due to mismanagement rather than attacks on certificate authorities (CAs).

TurkTrust re-emphasises that there was not a security breach

Turkish certificate authority (CA) TurkTrust has denied that there was any attack, "malevolence, fraud or any other crime factor" on it resulting in the issuing of fraudulent certificates.

Fraudulent certificates from CA TurkTrust leads to browsers revoking trust

The fraudulent issuing of certificates from a Turkish certificate authority (CA) has led to major web browsers revoking trust.