Security News

OpenSSL Patches Critical Certificate Validation Vulnerability (Threatpost)
2015-07-09 13:44

A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.

Severe OpenSSL bug that allows certificate forgery has been plugged (Help Net Security)
2015-07-09 13:43

The wait is over: the OpenSSL Project has issued security updates for the popular open-source implementation of the SSL and TLS protocols, and has shared some details about the high severity vulnerabi...

Let's Encrypt CA releases transparency report before its first certificate (Help Net Security)
2015-07-06 12:40

The non-profit CA launched by the EFF, Mozilla and several other businesses and organizations is determined to gain and retain users' trust. After hiring outside experts to conduct a security revi...

Amazon Patches Certificate Vulnerabilities in Fire Phones (Threatpost)
2015-06-29 17:31

Amazon patched three vulnerabilities in its Fire Phone, two of which allow for silent certificate installations.

Microsoft quietly pushes 18 new trusted root certificates (Reddit)
2015-06-29 01:14

Malware Used Stolen Certificate to Infect Kaspersky Network (June 15, 2015) (SANS Newsbites)
2015-06-16 21:11

Attackers Stole Certificate from Foxconn to Hack Kaspersky With Duqu 2.0 (WIRED)
2015-06-15 21:11

Duqu 2.0 Used Stolen Digital Certificate in Attacks: Kaspersky Lab (SecurityWeek)
2015-06-15 19:11

Cyberspies Stole Legit Digital Certificates To Mask Their Malware (Dark Reading)
2015-06-15 17:11

Stuxnet spawn infected Kaspersky using stolen Foxconn digital certificates (ArsTechnica)
2015-06-15 17:11