Security News
Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks.
An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Saleem Rashid reckons he can exploit Netgear routers to successfully compromise admin panel credentials.
Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.
Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.
Medtronic's latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.
Disposable furniture flogger seeks data wranglers Scandi furniture emporium Ikea is seeking privacy specialists to join its office in Malmö, Sweden.…
Gov.uk portal finally lurched back to life after lunch Furious parents have lashed out at Her Majesty's Revenue and Customs after the UK tax authority let a key HTTPS certificate expire on its...
Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information...
Expensive renewals once a year... or free certificates any time? Tough choice CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is...
Maker of Firefox fires fox from hen house guard duty Mozilla on Tuesday added digital certificates belonging to security biz DarkMatter and its subsidiaries to Firefox's OneCRL blocklist, based on...