The EFF’s Decentralized SSL Observatory turned up 1,600 certificates that should have been rejected but instead passed browser checks because they were manipulated by Komodia’s SSL Digester interception module.
Tag Archives: Hacks
Google Pwnium Program Now Open All Year
Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest at CanSecWest every spring. The Pwn2Own contest has been the origin of […]
Gemalto: ‘SIM Products Are Secure’
Gemalto officials say that while they are still in the process of investigating whether the company was compromised by the NSA and GCHQ to access the encryption keys for its SIM cards, they say they believe their products and platforms are secure. In a statement issued Monday, Gemalto officials said they are still trying to […]
Komodia Website Under DDoS Attack
Komodia.com, home of the SSL module at the heart of the Superfish scandal, is offline because of a DDoS attack.
Gemalto Hack May Have Far-Reaching Effects
Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported […]
Massive, Decades-Long Cyberespionage Framework Uncovered
CANCUN–Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations.
Spat Leads to Partial Leak of Rig Exploit Kit
A reseller of the Rig Exploit Kit has leaked some of the source code behind the pack after parting ways with the kit’s developer. Experts don’t expect a spike in Rig-based attacks.
Facebook ThreatExchange Platform Latest Hope for Information Sharing
Facebook announced ThreatExchange, an API-based platform for the exchange of attack and threat data.
Flash Zero Days Dominate Exploit Landscape
The recent Flash zero-day vulnerabilities and exploits have uncovered the relatively quiet Hanjuan exploit kit, and further exposed the dangers of malvertising.
Anthem Data Breach Could Affect Millions of Consumers
Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers. The company says it is not sure yet how many customers are affected, but Anthem claims to […]