certificates
Pirated App Store client for iOS found on Apple’s App Store
An app called 开心日常英语 (“Happy Daily English”), which has been offered for download via Apple’s official App Store, has been revealed to be a fully functional …
Microsoft will stop trusting certificates from 20 Certificate Authorities
Starting on January 2016, Microsoft’s Trusted Root Certificate Program will no longer include twenty currently trusted CAs and will remove their root certificates …
Windows machines stop trusting Dell’s two unconstrained root CA certs
Microsoft has updated the Certificate Trust list for all supported releases of Microsoft Windows so that the two digital certificates (complete with inadvertently disclosed …
More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a …
Another root CA cert with key found on Dell’s machines
The main piece of news on Monday was that Dell’s desktop PCs and laptops shipped since August 2015 contain a root CA certificate (eDellRoot) complete with the private …
Dell shipped computers with root CA cert, private crypto key included
All desktop and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it, opening users to the …
Sale of legitimate code-signing certs booms on darknet markets
In the underground cybercrime economy, many players have specialized in one or two skills and services. It should come as no surprise, then, that some have become experts at …
With unprotected keys and certificates, businesses lose customers
Unprotected and poorly managed keys and certificates result in a loss of customers, costly outages, failed audits, and security breaches, according to The Ponemon Institute …
Symantec fires employees who issued rogue Google certificates
Symantec has fired several employees that have been involved in the issuing of rogue certificates for some Google domains.“We learned on Wednesday that a small number of …
D-Link accidentally leaks code-signing certs in its firmware
Malware peddlers don’t always have to steal or buy (from sellers on underground forums) legitimate and valid code-signing certificates to sign their malware with – …
Security pros acknowledge risks from untrusted certificates but take no action
A Venafi survey of 300 Black Hat USA 2015 attendees reveals that most IT security professionals understand and acknowledge the risks associated with untrustworthy certificates …
Stolen Foxconn certs used to sign malware used in Kaspersky Lab attack
“After last week’s revelation that their corporate network has been hit by APT actors wielding a newer version of the infamous, Stuxnet-related Duqu attack …