The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: digital Certificate

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

Beware of Zeus Banking Trojan Signed With Valid Digital Signature
April 06, 2014Anonymous
A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software " signed " with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal. Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious. Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures. A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Intern

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates
February 06, 2014Anonymous
The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not

France Government used Rogue Google SSL Digital Certificates to Spy on users

France Government used Rogue Google SSL Digital Certificates to Spy on users
December 11, 2013Swati Khandelwal
Google has found that the French government agency using unauthorized digital certificates  for some of its own domains to perform man-in-the-middle attacks on a private network. Google security engineer Adam Langley described the incident as a "S erious Security breach ", which was discovered in early December. Rogue digital certificates that had been issued by French certificate authority ANSSI, who closely work with the French Defense agency. "In response, we updated Chrome's certificate revocation metadata immediately to block that intermediate CA, and then alerted ANSSI and other browser vendors. Our actions addressed the immediate problem for our users" Google has immediately blocked the misused intermediate certificate and updated Chrome's certificate revocation list to block all dodgy certificates issued by the French authority. In a statement, ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a p

Security firm Bit9 hacked, Stolen Digital Certs Used To Sign Malware

Security firm Bit9 hacked, Stolen Digital Certs Used To Sign Malware
February 09, 2013Mohit Kumar
Bit9 disclosed Friday that hackers had stolen digital code signing certificates from its network and have utilized it to sign malware. Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms. " As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware ," Bit9 Chief Executive Patrick Morley said in a blog post . The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. " Since we discovered this issue, we have been working closely with all of our customers to ensure they are no longer vulnerable to malware associated with the affected certificate ." and company said it has resolved the issue. It is not the first time that hackers have breached a security firm as part of a

Fake Turkish digital Certificates blocked by Browser vendors

Fake Turkish digital Certificates blocked by Browser vendors
January 04, 2013Anonymous
It's the news of the day, a fraudulent digital certificate that could be used for active phishing attacks against Google's web properties. Using the certificate it is possible to spoof content in a classic phishing schema or perform a man-in-the-middle attack according Google Chrome Security Team and Microsoft experts. Microsoft has been immediately started the procedure to update its Certificate Trust list (CTL) and all versions of its OSs to revoke the certificate. Microsoft has also decided to revoke other two certificates for the same reason, it seems that some attacks using the first certificate have been already detected, fraudulent digital certificate that was mistakenly issued by a domain registrar run by a Turkish domain registrar. Microsoft has issued a security advisory " Microsoft Security Advisory ( 2798897 ) -Fraudulent Digital Certificates Could Allow Spoofing " that states: "Microsoft is aware of active attacks using one fraudulent digital certificate is
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.