News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: Certificates

New variant of SAML attack technique
March 30, 2024
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Security researchers have discovered a new variant of the infamous Golden SAML attack technique, which the team has named “Silver SAML.” With Silver SAML, threat actors can abuse the Security Assertion Markup Language authentication protocol to launch attacks from an identity provider such as Entra ID against applications that use SAML for authentication, such as Salesforce. Golden SAML was used in the 2020 Solarwinds cyberattack, the most sophisticated nation-state hack in history to date. The hacker group Nobelium, also known as Midnight Blizzard or Cozy Bear, has inserted malicious code into the IT management software Orion…

Read more

Code signing certificates misused
26. February 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

On February 15, Australian antivirus manufacturer Emsisoft announced that a security incident had occurred in which a fake code-signing certificate was used to disguise a targeted attack against an organization. The attacker's goal was to trick the affected organization into allowing an application that the threat actor had installed and intended to use by making its detection appear as false positives. The attack failed, the antivirus software detected and blocked it. The method by which initial access was gained is still unclear, but most likely either a brute force attack on…

Read more

Ransomware attacks: malicious code with valid certificates
20 December 2022
| No comments
| PR News, Sophos
Ransomware attacks: malicious code with valid certificates

Sophos thwarts ransomware attacks with a rare, malicious driver, but signed with a valid Microsoft digital certificate. The driver targets Endpoint Detection and Response (EDR) processes. The attack is linked to the Cuba Ransomware Group. Sophos found malicious code in several drivers signed with legitimate digital certificates. The new report, Signed Driver Malware Moves up the Software Trust Chain, details the investigation that began with an attempted ransomware attack. The attackers used a malicious driver that was bundled with a legitimate Microsoft Windows Hardware Compatibility Publisher digital certificate.

Read more

Thousands of unsafe web servers on popular websites
10 January 2022
| No comments
| Short news
F5 news

TLS Telemetry Report 2021 analyzes encryption and certificates. More than half of all web servers still allow the use of insecure RSA keys. At the same time, the revocation of certificates is still problematic. In addition, there are old, rarely updated servers almost everywhere. This is shown by the TLS Telemetry Report 2021 from F5 Labs, which regularly examines the 1 million most important websites worldwide. According to the study, attackers are increasingly using Transportation Layer Security (TLS) to their advantage in phishing campaigns. In addition, new fingerprinting techniques raise questions about the spread of malware servers, which are in the main ...

Read more

Independent Certificate Lifecycle Management provider
22 November 2021
| No comments
| PR News
Independent Certificate Lifecycle Management Provider Certificates

A product innovation enables companies to manage both public and private certificates issued by Sectigo and other CAs on a single platform. Sectigo is transforming itself into a CA-independent Certificate Lifecycle Management provider. Sectigo, a leading global provider of digital certificates and automated Certificate Lifecycle Management (CLM), announces the further development of its most important product, the Sectigo Certificate Manager (SCM). With immediate effect, this will become a universal platform that is able to manage public and private certificates from other leading certification authorities (CAs). This innovation offers companies a completely ...

Read more

Rootkits with a valid digital signature issued by Microsoft
21 November 2021
| No comments
| Bitdefender, PR News

Bitdefender has observed higher incidences of rootkits with valid digital signatures issued by Microsoft. At the moment it is still aimed at online gamers. But other targets can also be profitable for the attacker. The Bitdefender Labs experts have identified FiveSys, a new rootkit that uses its own valid digital signature issued by Microsoft instead of misusing stolen signatures. FiveSys allegedly attacks online gamers in order to steal digital identities and maliciously intervene in in-game purchases. By using a newly issued Microsoft signature, the hackers are pursuing an entirely new path. Because so far they used ...

Read more

Rockwell Automation with advanced cybersecurity certificates
15. February 2021
| No comments
| Short news
B2B Cyber ​​Security ShortNews

With additional certificates and new products, Rockwell Automation ensures more cybersecurity. The new certificates and the expanded product line protect industrial companies and their customer data. More and more manufacturing companies are networking their production and IT systems. At the same time, they also have to deal with cyber threats that can attack industrial control systems. Many companies still need support to secure their production. Rockwell Automation covers this need with extended cybersecurity certificates and the integration of advanced security features in more and more products. Cybersecurity Standard 62443-3-3 Rockwell Automation recently received Cybersecurity Standard 62443-3-3 certification from ...

Read more

© 2024 MedPressIT GbR
Cookie Settings