digital certificates – Page 2

APTs, RATs and Code-Signing Attacks

Posted on April 21, 2020 by Ryan Sanders

Code-signing certificates have become a high-value target for cybercriminals. Here’s how to keep your certificates safe There’s a lot of buzz right now about a report, recently released by BlackBerry that reveals how five related APT groups have… Continue reading APTs, RATs and Code-Signing Attacks→

Mokes and Buerak distributed under the guise of security certificates

Posted on March 5, 2020 by AMR

We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired. Continue reading Mokes and Buerak distributed under the guise of security certificates→

Let’s Encrypt issues one billionth free certificate

Posted on March 2, 2020 by Danny Bradbury

Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago. Continue reading Let’s Encrypt issues one billionth free certificate→

Scalability Critical in Manufacturing IoT Cybersecurity

Posted on February 13, 2020 by Mike Nelson

Manufacturers that deploy IoT applications have invested considerably in cybersecurity to help protect their brands and meet compliance requirements. Analysts routinely include security in their top IT trends, and this year is no exception. However, i… Continue reading Scalability Critical in Manufacturing IoT Cybersecurity→

NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability

Posted on January 17, 2020 by Casey Crane

NSA discloses a Windows security flaw that leaves more than 900 million devices vulnerable to spoofed digital certificates The National Security Agency (NSA) isn’t exactly known for wanting to share…
The post NSA: Microsoft Releases Patch to F… Continue reading NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability→

Powerful GPG collision attack spells the end for SHA-1

Posted on January 13, 2020 by Danny Bradbury

New research has heightened an already urgent call to abandon SHA-1, a cryptographic algorithm still used in many popular online services. Continue reading Powerful GPG collision attack spells the end for SHA-1→

Researchers discover weakness in IoT digital certificates

Posted on December 17, 2019 by Danny Bradbury

IoT devices are using weak digital certificates that could expose them to attack, according to a study released over the weekend. Continue reading Researchers discover weakness in IoT digital certificates→

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

Posted on October 3, 2019 by GReAT

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples. Continue reading COMpfun successor Reductor infects files on the fly to compromise TLS traffic→

Managing the Chaos of Digital Certificates

Posted on September 20, 2019 by Tony Bradley

Qualys is a sponsor of TechSpective Organizations are stuck in the middle when it comes to digital certificates. Certificates are table stakes at this point—a business requirement because customers expect a website to be secure. However, proposed… Continue reading Managing the Chaos of Digital Certificates→

New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware

Posted on September 16, 2019 by Elizabeth Montalbano

ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market. Continue reading New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware→