certificates
Google also abused its Apple developer certificate to collect iOS user data
It turns out that Google, like Facebook, abused its Apple Enterprise Developer Certificate to distribute a data collection app to iOS users, in direct contravention of …
A final call for replacing security certificates using Symantec roots
Help Net Security sat down with Jeremy Rowley, Executive Vice President of Product at DigiCert. He leads the company’s product development teams serving its TLS and digital …
Explosion of look-alike domains aims to steal sensitive data from online shoppers
Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi’s research analyzed suspicious …
Organizations apply stronger PKI security controls due to their increasingly critical role
The Internet of Things is the fastest growing trend driving the deployment of applications that use public key infrastructure as evidenced by the Thales 2018 Global PKI Trends …
Underground vendors can reliably obtain code signing certificates from CAs
More and more malware authors are switching to buying new, valid code signing certificates issued by Certificate Authorities instead of using stolen (compromised) ones, …
Make certificate visibility and security a part of your overall security program
In this podcast recorded at RSA Conference 2018, Asif Karel, Director of Product Management at Qualys, illustrates why certificate visibility and security should not just be …
Counterfeit digital certificates for sale on underground forums
Signing malicious code with valid digital certificates is a helpful trick used by attackers to maximize the odds that malware won’t be flagged by antivirus solutions and …
Realistic, well-positioned Reddit clone is out to grab users’ login credentials
A convincing clone of the popular social news aggregation and discussion site Reddit has been spotted on the reddit.co domain. The author is obviously counting on users not to …
Microsoft plugs 56 vulns, including Office flaw exploited in attacks
As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and an Office bug actively …
How much do criminals pay for certificates on the dark web?
The Cyber Security Research Institute (CSRI) conducted a six-month investigation into the sale of digital code signing certificates on the dark web. The research uncovered …
Making HTTPS phishing sites easier to spot
For years, we taught users that a website’s URL that includes https at its very beginning is a relatively good indicator of whether they can safely input sensitive …
Google to sanction Symantec for misissuing security certificates
In a post on a developers’ forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google’s plan to start gradually distrust all existing …