Pierluigi Paganini
July 04, 2021
Threat actors compromised the servers of Mongolian certificate authority (CA) MonPass and used its website to spread malware. Hackers compromised the servers of the Mongolian certificate authority (CA) MonPass and used its website to spread malware, reported Avast researchers. According to the experts, the security breach took place at least six months ago, MonPass was […]
Pierluigi Paganini
March 04, 2020
Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. Let’s Encrypt certificate authority (CA) is going to revoke over 3 million certificates today due to a vulnerability in software used to verify users and their […]
Pierluigi Paganini
May 26, 2019
According to Sectigo, most of the certificates used to sign the malware submitted to VirusTotal and issued by the company were expired and were already revoked. This week experts at Chronicle published a study on signed malware registered on VirusTotal that states that most of the digital certificates used to sign malware samples found on […]
Pierluigi Paganini
May 24, 2019
Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo). Chronicleâs security researchers have analyzed […]
Pierluigi Paganini
September 06, 2018
The clothing chain C&A in Brazil suffered a cyber attack on its gift card/exchange system last week, hackers leaked data on Pastebin. The International fashion retail clothing chain C&A in Brazil suffered a data breach, the company confirmed hackers hit its gift card platform. Hackers accessed to records belonging to customers who purchased gift cards, exposed data includes ID […]
Pierluigi Paganini
March 24, 2015
Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]
Pierluigi Paganini
July 10, 2014
Google Security experts have detected and blocked unauthorized digital certificates for a number of its domains issued by the NIC of India. Google announced to have blocked unauthorized digital certificates for different of its domains issued by the National Informatics Centre of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA). […]
Pierluigi Paganini
July 09, 2012
Last week, on blog.torproject.org was published the news relative to a security vulnerability found in Cyberoam DPI devices (CVE-2012-3372). All is started when a user in Jordan reported seeing a fake certificate to torproject.org. The certificate was issued by Cyberoam companies and the researchers of the Tor project believed that the CA has been tricked […]
Pierluigi Paganini
February 14, 2012
After the attacks against certification authorities such as VeriSign, Comodo and DigiNotar the level of confidence in the model based on certificates is in sharp decline. There is widespread accusations addressed to the PKI paradigm (public key infrastructure ) which is based on the concept to request to trusted and credited third parties to guarantee […]
Pierluigi Paganini
February 03, 2012
No peace in the cyber space, day after day we read that the computer systems for major corporations and governments are compromised due repeated cyber attacks. This time it was the prestigious Verisign, a name that is our mind we link to the concept of “strong security”, but we are learning that the total security […]
