digital certificates

Pierluigi Paganini January 30, 2015
Mozilla continues the phasing out of 1024-bit SSL CA certificates

Mozilla products including the Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. Mozilla products including the popular Firefox browser will stop trusting SSL certificates that were issued using old root CA certificates with 1024-bit RSA keys. With this decision Mozilla wants to stress certificate authorities (CAs) […]

Pierluigi Paganini November 11, 2014
Masque Attack – every iOS app could be compromised

Researchers at FireEye identified a new attack dubbed the Masque, which allows attackers to replace a genuine app with a malicious one. In these days Apple the community has discovered that is vulnerable to WireLurker, a new strain of malware that is able to infect Apple iPhone and iPad syphoning user’data. The malware was discovered for the […]

Pierluigi Paganini October 03, 2014
Signed CryptoWall ransomware distributed via top websites

A digitally signed version of the popular CryptoWall ransomware is distributed via five Alexa top-ranked websites in a widespread malvertising campaign. Security experts at Barracuda Labs have discovered a new variant of CryptoWall ransomware in the wild, the new strain of malware presents a valid digital signature and it is being delivered as part of a widespread malvertising […]

Pierluigi Paganini September 29, 2014
SHA-1 has been deprecated, what can I do?

The SHA-1 cryptographic hash algorithm has been known vulnerable, Collision attacks against it are too affordable and attacks will get cheaper soon. Many websites today are using digital certificates signed using algorithms based on the hash algorithm called SHA-1. Hashing algorithms are used to ensure the integrity of the certificate in the signing processes, a flawed […]

Pierluigi Paganini September 29, 2014
iFrame-based redirection attacks used to monitor Chinese organizations

Security Experts at FireEye discovered a new malicious campaign which is targeting Chinese organizations with iFrame traffic redirection to serve RAT. Security experts at FireEye observed a new malicious campaign that is targeting non-profit organizations and non-governmental organizations by compromising legitimate website. The threat actors use to compromise legitimate websites to host iframes used to hijack visitors […]

Pierluigi Paganini September 08, 2014
CERT disclosed the list of most popular vulnerable Android apps

The CERT has published the results of its test conducted on popular Android applications that fail to properly validate SSL certificates. In several posts we have discussed about the improper validation of  SSL certificates made by mobile devices, recently we mentioned the case of the Gmail app for iOS devices which, according to an expert at mobile security […]

Pierluigi Paganini July 29, 2014
Misusing Digital Certificates

Excerpt from the post “How Cybercrime Exploits Digital Certificates” which details means and motivation of illicit activities which abuses digital certificates. Digital certificates have been misused many times during recent years. Bad actors abused them to conduct cyber attacks against private entities, individuals and government organizations. The principal abuses of digital certificates observed by security […]

Pierluigi Paganini July 16, 2014
SSL Blacklist a new weapon to fight malware and botnet

A Security Researcher at Abuse.ch has started SSL blacklist project to create an archive of all the digital certificates used for illicit activities. In recent years security experts have discovered many cases in which bad actors have abused of digital certificates for illicit activities, from malware distribution to Internet surveillance. Botmasters are exploiting new techniques to avoid detection by security experts and […]

Pierluigi Paganini December 08, 2013
French Government ANSSI responsible of a MITM against Google SSL-TLS

Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains. Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates […]

Pierluigi Paganini September 24, 2013
FireEye revealed APT Operation DeputyDog against Japanes entities

Security experts at FireEye discovered the Operation DeputyDog against Japanese entities that exploits Zero-Day (CVE-2013-3893) recently announced by Microsoft. FireEye announced the discovery of the cyberespionage Operation DeputyDog leveraging the recently announced zero-day CVE-2013-3893. FireEye and Kaspersky are the companies most active in the analysis of large espionage campaign that governments and hackers are conducting against strategic targets.  According the analysis based on FireEye […]