
Cybersecurity Highlights

This section records the most relevant incidents and public events related to cybersecurity and information and communication technologies (ICT), so that a chronological history of them is available, together with their main links, references and information sources.
Posts related to: SSL/TLS

Let’s Encrypt bug in issuance of certificates

The certification authority Let’s Encrypt has reported a bug in its CAA (Certification Authority Authorization) code, specifically in Boulder, the CA (Certification Authority) software...

Google announces a method to create SHA1 collisions

A joint research effort between Google and the Dutch institute CWI has produced a technique to generate two different PDF files with the same SHA-1 hash. According to Google, the possibility of...

Logjam, another SSL vulnerability

The Diffie-Hellman protocol, used for key exchange by others such as HTTPS, SSH, IPSec and any other based on TLS, is affected by a vulnerability that allows a MITM attacker to downgrade ciphering...

Bar Mitzvah: attacking RC4 to compromise SSL/TLS

A new attack against weak RC4 functions allows an attacker to decipher data in an encrypted SSL/TLS connection. Unlike the previous attacks involving SSL, this one does not need an active connection and...

Poodle: exploiting SSL 3.0

A new attack, called POODLE (Padding Oracle On Downgraded Legacy Encryption), has been published against the obsolete and insecure version 3.0 of the SSL cryptographic protocol. Taking advantage of the...