Home / Early Warning / Cybersecurity Highlights / Filter / Cybersecurity Highlights
Subscribe to INCIBE-CERT - Cybersecurity Highlights RSS

Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.
Post related to: SSL/TLS

DST Root CA X3 certificate has expired

Let’s Encrypt, a non-profit company dedicated to issue SSL certificates, has confirmed that its root certificate, DST Root CA X3, has expired last 30 September, being replacing by the new ISRG Root...

Let’s Encrypt bug in issuance of certificates

The certification authority, Let’s Encrypt, has reported a bug in its CAA (Certification Authority Authorization) code, specifically on Boulder, the CA (Certification Authority) software...

Google announces a method to create SHA1 collisions

A joint research between Google and the Dutch Institute CWI has managed to create a technique to generate two different PDF files with the same SHA-1 hash. According to Google, the possibility of...

Logjam, another SSL vulnerability

The Diffie-Hellman protocol, used for key exchangement by others such as HTTPS, SSH IPSec and any other based on TLS, is affected by a vulnerability that allows a MITM attacker downgrade cyphering...

Bar Mitzvah: attacking RC4 to compromise SSL/TLS

A new attack against a weak RC4 functions allows attacker to decipher data into a ciphered SSL/TLS connection. Unlike the previous attacks involving SSL, this does not need an active connection and...