[SANS ISC] Quick Status of the CAA DNS Record Adoption

I published the following diary on isc.sans.edu: “Quick Status of the CAA DNS Record Adoption”: In 2017, we already published a guest diary about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since

The post [SANS ISC] Quick Status of the CAA DNS Record Adoption appeared first on /dev/random.


Ask Hackaday: What Can Be Done with Your Bootlooping Blu-Ray?

Last Friday, thousands of owners of Samsung Blu Ray players found that their home entertainment devices would no longer boot up. While devices getting stuck in a power-cycling loop is not uncommon, this case stands out as it affected a huge range of devices all at the same time. Samsung’s …


Let’s Encrypt Says It Will Revoke 3M Certificates Due to Software Bug

Non-profit certificate authority (CA) Let’s Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let’s Encrypt revealed its plan to revoke 3,048,289 currently-valid certificates. T…

Apple Goes Rogue, Drops Unilateral TLS Certificate Guillotine

Safari will no longer trust certificates that last longer than 13 months. Yes, you read that right; IT and DevOps are spitting blood.
The post Apple Goes Rogue, Drops Unilateral TLS Certificate Guillotine appeared first on Security Boulevard.

Forgot to Renew Your TLS Certificate, Microsoft?

Microsoft Teams went dark for seven hours yesterday. It turns out the Teams team forgot to renew a TLS certificate.
The post Forgot to Renew Your TLS Certificate, Microsoft? appeared first on Security Boulevard.

New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware

ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.

‘Critical’ flaw in apps for Sennheiser headphones allows certificate access

Two applications developed by German electronics company Sennheiser contain vulnerabilities that could make it possible for hackers to forge digital certificates and impersonate legitimate websites. Sennheiser’s two apps, HeadSetup and HeadSetup Pro, installed certificates on users’ computers then failed to secure the key, according to a vulnerability report published Wednesday by the German security consulting firm Secorvo. The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch man-in-the-middle attacks. “We found — caused by a critical implementation flaw — the secret signing key of one of the clandestine planted root certificates can be easily obtained by an attacker,” the Secorvo report states. “This allows him or her to sign up and issue technically trustworthy certificates. Users affected by this implementation bug can become victim of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed […]

The post ‘Critical’ flaw in apps for Sennheiser headphones allows certificate access appeared first on Cyberscoop.
