• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

Digital Certificate

Pierluigi Paganini December 11, 2017
Microsoft accidentally exposed Dynamics 365 TLS certificates exposing sandbox environments to MiTM attacks

Microsoft accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days leaving the sandbox environments open to MiTM attacks. Data leakage continues to represent a serious problem for organizations, now it’s up to Microsoft that accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days. The software […]

Pierluigi Paganini December 09, 2015
xboxlive digital certificate exposed opens users to MITM attacks

Microsoft has issued an advisory to notify customers that the private keys for an SSL/TLS digital certificate for *xboxlive.com have been disclosed. According to a security advisory published by Microsoft, the company is propagating a new certificate for the *.xboxlive.com domain because it has “inadvertently disclosed” the certificate’s contents. Microsoft confirmed the accidental disclosure of the […]

Pierluigi Paganini November 24, 2015
Dell puts users at risk with dangerous eDellRoot root certificate

Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate dubbed eDellRoot that opens users to a number of cyber attacks. Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate that opens users to a number of cyber attacks. Hackers could exploit it to compromise the […]

Pierluigi Paganini October 12, 2015
Apple has several apps from the official iOS App Store

Apple has removed mobile apps from the iOS Apple store that are installing root CA certificates that enable traffic to be intercepted. Apple has pulled several apps out from the official iOS App Store over SSL/TLS security concerns, this means that the security issues could allow threat actors to compromise encrypted connections between the servers […]

Pierluigi Paganini October 07, 2015
Experts discovered the attack platform used by the Winnti Group

Experts at Kaspersky have discovered that Winnti Group has enhanced its attack platform infecting organizations in South Korea, UK and Russia. In 2013, security experts at Kaspersky Lab uncovered a cyber espionage that targeted the gaming industry with a malware signed with a valid digital certificate. The threat actor behind the campaign was dubbed the Winnti group, […]

Pierluigi Paganini June 25, 2015
The Winnti hacking crew is now targeting pharmaceutical and telecoms companies

Security experts at Kaspersky collected evidence that the Winniti APT is moving beyond the gaming industry targeting telecoms and big pharma companies. My most passionate readers, will remember for sure the Winnti group, a Chinese APT discovered by Kaspersky Lab in 2013 that targeted companies in the gaming industry. According to the experts, the Winnti gang has been active […]

Pierluigi Paganini June 16, 2015
Authors of Duqu 2.0 used a stolen digital certificate in attacks

Malware authors behind the Duqu 2.0 used a stolen certificate from the Foxconn company to implement a persistence mechanism and stay stealthy. New details emerge from the investigation conducted by the experts at Kaspersky on the Duqu 2.0 malware that targeted the systems of the company, the threat actors used valid certificate from Hon Hai Precision Industry […]

Pierluigi Paganini April 05, 2015
Google Internet Authority G2 has become untrusted due to an expired certificate

Gmail and Google Apps have noticed on Saturday that the Google Internet Authority G2 has become untrusted due to an expired digital certificate. On Saturday April 4, the Google Internet Certificate Authority G2 has become untrusted due to an expired digital certificate in the chain of trust. The Google Internet Authority G2 is an essential component of the Google PKI […]

Pierluigi Paganini March 24, 2015
Chinese CA issued bogus digital certificates for Google domains

Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]

Pierluigi Paganini March 21, 2015
Qualys provides SSL Labs APIs and a tool to automate SSL/TLS tests

Qualys announced the availability of free assessment SSL Labs APIs and a tool that could be used by users to automate SSL vulnerability testing for websites. The Qualys security firm recently created the Qualys SSL Labs that provided a free tool to conduct free assessment by using its APIs and a new tool that enable SSL […]

  • 1
  • 2
  • 3

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Uncategorized / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT