WordPress announces “HTTPS Everywhere, Encryption for All WordPress.com Sites,” millions websites will be secured without users’ effort. WordPress is pushing free default SSL for all the website running the popular CMS and hosted on WordPress.com, that means over 26% of websites based on the most popular CMSs on the web will be secured (Statistics by W3techs). […]
The Electronic Frontier Foundation announced that the Let’s Encrypt Certificate Authority issued its millionth certificate. The open Certificate Authority (CA) Letâs Encrypt seems to be a success, the EFF is reaching its goals with the creation of this new certificate authority run by Internet Security Research Group (ISRG). IT giants like Mozilla, Cisco, Akamai, Automattic and […]
Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in […]
The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, despite they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentive  the ethical disclosure of vulnerabilities […]
Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure. Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, […]
A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. The SHA-1 is still one of the most used cryptographic hash algorithm, but bad news for its supporters, a New Collision Attack Lowers Cost of Breaking it. The news is worrying, the cost and time […]
OpenSSL Foundation fixed a critical issue that impacts any application that uses the popular crypto library in the authentication processes. OpenSSL Foundation has issued a security update as announced weeks ago. The patch just released fixes a mysterious security flaw affecting the OpenSSL code library, in the last weeks, the details of the vulnerability weren’t disclosed […]
Kaspersky Lab discovered another APT group dubbed CozyDuke which is believed to have hacked the US Department of State and the White House. Experts at Kaspersky Lab have uncovered a new advanced persistent threat (APT) dubbed CozyDuke that targeted several high-profile organizations in the second half of 2014. Kaspersky experts have published an interesting blog post that includes […]
Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]
A recent report published by experts at Kaspersky Lab revealed that the number of abuses for digital certificates is in constant increase. According to a recent report published by Kaspersky Lab the number of untrusted certificates used to sign malicious code is doubled in the last year. The reason is that there is the wrong […]