Digital Certificate

Pierluigi Paganini December 11, 2017
Microsoft accidentally exposed Dynamics 365 TLS certificates exposing sandbox environments to MiTM attacks

Microsoft accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days, leaving the sandbox environments open to MiTM attacks. Data leakage continues to be a serious problem for organizations; this time it is Microsoft, which accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days. The software […]

Pierluigi Paganini December 09, 2015
Exposed xboxlive digital certificate opens users to MITM attacks

Microsoft has issued an advisory to notify customers that the private keys for an SSL/TLS digital certificate for *.xboxlive.com have been disclosed. According to a security advisory published by Microsoft, the company is propagating a new certificate for the *.xboxlive.com domain because it has “inadvertently disclosed” the certificate’s contents. Microsoft confirmed the accidental disclosure of the […]

Pierluigi Paganini November 24, 2015
Dell puts users at risk with dangerous eDellRoot root certificate

Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate dubbed eDellRoot that opens users to a number of cyber attacks. Hackers could exploit it to compromise the […]

Pierluigi Paganini October 12, 2015
Apple has pulled several apps from the official iOS App Store

Apple has removed mobile apps from the iOS App Store that install root CA certificates that enable traffic to be intercepted. Apple has pulled several apps from the official iOS App Store over SSL/TLS security concerns; the security issues could allow threat actors to compromise encrypted connections between the servers […]

Pierluigi Paganini October 07, 2015
Experts discovered the attack platform used by the Winnti Group

Experts at Kaspersky have discovered that the Winnti Group has enhanced its attack platform, infecting organizations in South Korea, the UK and Russia. In 2013, security experts at Kaspersky Lab uncovered a cyber espionage campaign that targeted the gaming industry with malware signed with a valid digital certificate. The threat actor behind the campaign was dubbed the Winnti group, […]

Pierluigi Paganini June 25, 2015
The Winnti hacking crew is now targeting pharmaceutical and telecoms companies

Security experts at Kaspersky collected evidence that the Winnti APT is moving beyond the gaming industry, targeting telecoms and big pharma companies. My most passionate readers will surely remember the Winnti group, a Chinese APT discovered by Kaspersky Lab in 2013 that targeted companies in the gaming industry. According to the experts, the Winnti gang has been active […]

Pierluigi Paganini June 16, 2015
Authors of Duqu 2.0 used a stolen digital certificate in attacks

The malware authors behind Duqu 2.0 used a certificate stolen from the Foxconn company to implement a persistence mechanism and stay stealthy. New details have emerged from the investigation conducted by the experts at Kaspersky on the Duqu 2.0 malware that targeted the company's systems: the threat actors used a valid certificate from Hon Hai Precision Industry […]

Pierluigi Paganini April 05, 2015
Google Internet Authority G2 has become untrusted due to an expired certificate

Gmail and Google Apps noticed on Saturday that the Google Internet Authority G2 had become untrusted due to an expired digital certificate. On Saturday, April 4, the Google Internet Authority G2 became untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is an essential component of the Google PKI […]

Pierluigi Paganini March 24, 2015
Chinese CA issued bogus digital certificates for Google domains

The Google security team recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, the Google security team discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]

Pierluigi Paganini March 21, 2015
Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Qualys announced the availability of free SSL Labs assessment APIs and a tool that users can use to automate SSL vulnerability testing for websites. The security firm Qualys recently created Qualys SSL Labs, which provides a free tool for conducting assessments through its APIs, and a new tool that enables SSL […]