#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

forged digital certificates | Breaking Cybersecurity News | The Hacker News

Stolen D-Link Certificate Used to Digitally Sign Spying Malware

Stolen D-Link Certificate Used to Digitally Sign Spying Malware
Jul 09, 2018
Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look like legitimate applications. As you may know, digital certificates issued by a trusted certificate authority (CA) are used to cryptographically sign computer applications and software and are trusted by your computer for execution of those programs without any warning messages. However, malware author and hackers who are always in search of advanced techniques to bypass security solutions have seen been abusing trusted digital certificates in recent years. Hackers use compromised code signing certificates associated with trusted software vendors in order to sign their malicious code, reducing the possibility of their malware being detected on targeted enterprise networks and consumer

Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections

Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections
May 12, 2014
Visiting a website certified with an SSL certificate doesn't mean that the website is not bogus. Secure Sockets Layer (SSL) protect the web users in two ways, it uses public key encryption to encrypt sensitive information between a user's computer and a website, such as usernames, passwords, or credit card numbers and also verify the identity of websites. Today hackers and cyber criminals are using every tantrum to steal users' credentials and other sensitive data by injecting fake SSL certificates to the bogus websites impersonating Social media, e-commerce, and financial websites as well. DETECTING FAKE DIGITAL CERTIFICATES WIDELY A Group of researchers, Lin-Shung Huang , Alex Ricey , Erling Ellingseny and Collin Jackson , from the Carnegie Mellon University in collaboration with Facebook have analyzed [ PDF ] more than 3 million SSL connections and found strong evidence that at least 6;845 (0:2%) of them were in fact tampered with forged certiļ¬cates i.e. self-signed di

external linkSay Goodbye to SaaS Blind Spots: Wing Security Unveils Free Discovery Tool

SaaS
websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.
Cybersecurity Resources