Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

Security researchers have checked the web’s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be Read More …

Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token

A surge in spearphishing emails designed to steal Office 365 credentials were rigged to look like they came from a Kaspersky email address. In spite of coming from sender addresses such as noreply@sm.kaspersky.com, nobody at Kaspersky sent the phishing emails, Read More …

Analyzing SSL/TLS Certificates Used by Malware

Malware has increasingly been making use of encryption to help hide their network traffic in recent years. This makes sense especially when one realizes that ordinary network traffic is increasingly encrypted as well. Google’s own Transparency Report notes that HTTPS Read More …

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Read More …