Security News

Leaving your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things

2020-01-20 21:23

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.

#netgear #cert #router #TLS #firmware

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit

2020-01-16 23:13

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

#cert #citrix #exploit #gateway #mitigation #security #snafu #WEB #windows #CVE-2019-19781

US-CERT warns of critical flaws in Medtronic equipment

2019-11-13 12:06

Medtronic's latest problem is in their Valleylab electrosurgical generators used by surgeons things like cauterisation during operations.

#cert #critical #medtronic #US #uscert

Are you as handy with privacy certs as you are with a screwdriver? Ikea has the perfect vacancy

2019-11-01 15:12

Disposable furniture flogger seeks data wranglers Scandi furniture emporium Ikea is seeking privacy specialists to join its office in Malmö, Sweden.…

#cert #privacy

HMRC's HTTPS howler: Childcare payments site cert expired at 1am on Sunday, down for hours

2019-09-23 13:03

Gov.uk portal finally lurched back to life after lunch Furious parents have lashed out at Her Majesty's Revenue and Customs after the UK tax authority let a key HTTPS certificate expire on its...

#cert #hmrc #http #https #payment

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys

2019-08-27 18:48

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information...

#API #breach #cert #SSL #WAF

Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

2019-08-13 01:43

Expensive renewals once a year... or free certificates any time? Tough choice CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is...

#cert #encrypt #http #https #WEB

Mozilla boots alleged snoop troupe from its root cert coop: UAE-based DarkMatter thrown onto CA blocklist

2019-07-10 01:33

Maker of Firefox fires fox from hen house guard duty Mozilla on Tuesday added digital certificates belonging to security biz DarkMatter and its subsidiaries to Firefox's OneCRL blocklist, based on...

#boot #cert #mozilla #root

US-Cert alert! Thanks to a massive bug, VPN now stands for "Vigorously Pwned Nodes"

2019-04-12 21:00

Multiple providers leaving storage cookies up for grabs The US-Cert is raising alarms following the disclosure of a serious vulnerability in multiple VPN services.…

#cert #US #uscert #VPN

US CERT Warns of N. Korean 'Hoplight' Trojan

2019-04-12 15:18

Hidden Cobra, Also Known as Lazarus, Appears to Be Behind the MalwareU.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group...

#cert #trojan #US #uscert

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News