PKI

Pierluigi Paganini January 31, 2023
GitHub to revoke stolen code signing certificates for GitHub Desktop and Atom

GitHub confirmed that threat actors exfiltrated encrypted code signing certificates for some versions of GitHub Desktop for Mac and Atom apps. GitHub this week disclosed a security breach, threat actors exfiltrated encrypted code signing certificates for some versions of GitHub Desktop for Mac and Atom apps. In response to the incident, the Microsoft-owned company is started […]

Pierluigi Paganini March 04, 2020
Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. Let’s Encrypt certificate authority (CA) is going to revoke over 3 million certificates today due to a vulnerability in software used to verify users and their […]

Pierluigi Paganini July 02, 2019
Firefox finally addressed the Antivirus software TLS Errors

Firefox finally addressed the issues with antivirus apps crashing HTTPS websites starting with the release of Firefox 68. Mozilla announced that it will resolve the issues that caused antivirus apps crashing HTTPs websites with the release of Firefox 68 version. The problems began after the release of Firefox 65 in December 2018, since then experts […]

Pierluigi Paganini February 27, 2019
Experts devised 3 attacks Show Signed PDF Documents Cannot Be Trusted

Experts found several flaws in popular PDF viewers and online validation services that allow to deceive the digital signature validation process. Several PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating their digital signature. A group of academics from the German Ruhr-University […]

Pierluigi Paganini March 30, 2018
Ensuring best website security through SSL Certificate updates.

What are the advantages for adopting an SSL Certificates and why is it important to discover and analyze SSL Certificates online? Secure Socket Layer (SSL) has gained weight with the increasing concern of security for all sensitive data online. In fact, it is the only reliable source for secure business and data handling. The entire […]

Pierluigi Paganini March 13, 2018
Study confirms the trade of code-signing certificates is a flourishing business

According to a new study conducted by American and Czech researchers, the trade of code-signing certificates is a flourishing business. Code-signing certificates are precious commodities in the dark web, according to a new study conducted by American and Czech researchers and Symantec Labs technical director Christopher Gates their trade is a flourishing business. The experts pointed out […]

Pierluigi Paganini November 20, 2017
The controversial certificate authority StartCom will go out of business on January 1, 2018

The Startcom CA board chairman Xiaosheng Tan, announced that the controversial certificate authority will end its activity on January 1, 2018. The controversial certificate authority StartCom is going to close, according to board chairman Xiaosheng Tan, the business will end its activity on January 1, 2018. Starting from January 1, 2018, StartCom will no longer issue new digital […]

Pierluigi Paganini November 06, 2017
Malware signed with stolen Digital code-signing certificates continues to bypass security software

A group of researchers demonstrated that malware signed with stolen Digital code-signing certificates continues to bypass security software. A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code-signing certificates are available for sale for anyone to purchase on the dark web for up to $1,200. Digital code-signing certificates are a precious […]

Pierluigi Paganini October 19, 2017
Threat actors started scanning for SSH Keys on websites

Threat actors in the wild are mass-scanning websites for directories containing SSH private keys to hack them. The SSH allows a secure way to connect to servers hosting the websites, it allows administrators to get a terminal on them and enter commands. The SSH authentication could rely on login credentials (username and password), or on a […]

Pierluigi Paganini October 17, 2017
ROCA vulnerability (CVE-2017-15361) allows attackers to recover users Private RSA Keys

ROCA vulnerability (CVE-2017-15361) allows attackers to recover users Private RSA Keys, billion devices potentially impacted. While security experts are discussing the dreaded KRACK attack against WiFi networks IT giants, including Fujitsu, Google, HP, Lenovo, and Microsoft are warning their customers of a severe flaw in widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies. The vulnerability, tracked […]