Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: SSL/TLS

DST Root CA X3 certificate has expired

Let’s Encrypt, a non-profit company dedicated to issue SSL certificates, has confirmed that its root certificate, DST Root CA X3, has expired last 30 September, being replacing by the new ISRG Root...

References: 

letsencrypt.org

scotthelme.co.uk

techcrunch.com

genbeta.com

eleconomista.com

Tags: 

Internet

SSL/TLS

Thousands of Fortinet device login credentials were linked

Cybersecurity solutions provider Fortinet has confirmed that a cybercriminal has made public the SSL-VPN login credentials associated with at least 87.000 FortiGate SSL-VPN devices via the RAMP...

References: 

fortinet.com

bleepingcomputer.com

thehackernews.com

unaaldia.hispasec.com

gist.github.com

Tags: 

Cybercrime

Cyberespionage

Incident

Information leakage

SSL/TLS

Tool

Vulnerability

Let’s Encrypt bug in issuance of certificates

The certification authority, Let’s Encrypt, has reported a bug in its CAA (Certification Authority Authorization) code, specifically on Boulder, the CA (Certification Authority) software...

References: 

community.letsencrypt.org

community.letsencrypt.org

letsencrypt.org

unaaldia.hispasec.com

threatpost.com

Tags: 

Incident

SSL/TLS

Tool

Firefox and Chrome will not trust Symantec's certificates

Mozilla reported that during 2018 no longer trust certificates issued by Symantec and its subsidiaries. The process will be carried out gradually until in October all the sites are marked as...

References: 

mozilla.org

securityweek.com

wccftech.com

certsi.es

certsi.es

googleblog.com

Tags: 

Information leakage

Google

SSL/TLS

Google will invalidate more than 30,000 SSL certificates issued by Symantec

After an investigation to detect a number of security holes in the certificate validation process issued by Symantec, the Google Chrome team determined that Symantec's certificate issuing policies...

References: 

groups.google.com

arstechnica.com

symantec.com

redeszone.net

computerworld.es

Tags: 

Google

Internet

SSL/TLS

Google announces a method to create SHA1 collisions

A joint research between Google and the Dutch Institute CWI has managed to create a technique to generate two different PDF files with the same SHA-1 hash. According to Google, the possibility of...

References: 

security.googleblog.com

pcworld.com

theregister.co.uk

cwi.nl

adslzone.net

Tags: 

Google

Internet

SSL/TLS

Thousands of GoDaddy customers affected by a SSL certificate validation process error

The American company GoDaddy, dedicated to hosting services and domain management, has confirmed the detection on January 6 of a code error in its SSL certificate validation software. This error...

References: 

godaddy.com

threatpost.com

redeszone.net

Tags: 

SSL/TLS

Vulnerability

Logjam, another SSL vulnerability

The Diffie-Hellman protocol, used for key exchangement by others such as HTTPS, SSH IPSec and any other based on TLS, is affected by a vulnerability that allows a MITM attacker downgrade cyphering...

References: 

weakdh.org

thenextweb.com

omicrono.com

incibe.es

Tags: 

SSL/TLS

Vulnerability

Critical vulnerability in SSL affects thousands of iOS apps

Ivan Leichtling, from Yelp, has discovered a vulnerability in the open source library AFNetworking, which provides network functionality to iOS and iOS X products. The vulnerability could allow to...

References: 

thehackernews.com

zdnet.com

arstechnica.com

Tags: 

SSL/TLS

Vulnerability

Apple

Bar Mitzvah: attacking RC4 to compromise SSL/TLS

A new attack against a weak RC4 functions allows attacker to decipher data into a ciphered SSL/TLS connection. Unlike the previous attacks involving SSL, this does not need an active connection and...

References: 

imperva.com

darkreading.com

elladodelmal.com

Tags: 

SSL/TLS

Vulnerability

Pages

• First
• «
• 1 actual
• 2
• »
• Last