Archive for the ‘SSL Certificate’ Category

Imperva Breach Exposes WAF Customers’ Data, Including SSL Certs, API Keys

August 27th, 2019
Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today. The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula, a

Posted in CloudFlare, data breach, ddos protection, Imperva, Incapsula, SSL Certificate, WAF Solution, web application firewall, Web Application Security, Web Application Vulnerability | Comments (0)

Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020

October 15th, 2018
All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether today announced to soon remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols. Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to

Posted in Apple Safari, Firefox, Google Chrome, Internet Explorer, Microsoft Edge browser, safari update, SSL Certificate, SSL TLS security, TLS encryption, Web browser security | Comments (0)

OpenSSL Releases Patch For “High” Severity Vulnerability

November 10th, 2016

As announced on Tuesday, the OpenSSL project team released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software.

The most serious of all is a heap-based buffer overflow bug (CVE-2016-7054) related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites.

The vulnerability, reported by Robert Święcki of the Google Security Team on

Posted in ddos attack, dos attack, OpenSSL, OpenSSL vulnerability, secure communication, SSL Certificate, SSL encryption, website security | Comments (0)

Critical DoS Flaw found in OpenSSL — How It Works

September 23rd, 2016

The OpenSSL Foundation has patched over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks.

OpenSSL is a widely used open-source cryptographic library that provides encrypted Internet connections using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for the majority of websites, as well

Posted in ddos attack, denial-of-service attacks, digital Certificate, dos attack, hacking news, OpenSSL, OpenSSL vulnerability, SSL Certificate, Vulnerability | Comments (0)

Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

August 29th, 2016

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.

The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate

Posted in certificate transparency, digital Certificate, free ssl certificate, GitHub, SSL Certificate, ssl security, website security | Comments (0)

‘Ridiculous’ Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

January 12th, 2016

If you have installed Trend Micro’s Antivirus on your Windows computer, then Beware.

Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software.

The Popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its anti-virus product

Posted in antivirus, encrypted communication, free antivirus, Node.js, password manager, remote code execution, Self-Signed SSL, SSL Certificate, Superfish Malware, trend mirco | Comments (0)

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

April 25th, 2015

A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple’s App Store via man-in-the-middle (MITM) attacks.

AFNetworking is a popular open-source code library that lets developers drop networking capabilities into their iOS and OS X products. But, it fails to check the domain name for which the SSL

Posted in AFNetworking, free ssl certificate, ios apps, ios security, man-in-the-middle attack, SSL Certificate, ssl certificate checker, validate ssl certificate | Comments (0)

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

April 22nd, 2015

Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users’ Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot.

It’s like Denial of Service (DoS) attack on Apple’s iOS devices that results in crashing either individual iOS apps or users’ entire iPhones.


Adi Sharabani and Yair Amit of Mobile

Posted in Apple iphone hack, crash iphone, denial-of-service attacks, hacking Wi-Fi, iOS 8 Vulnerability, ipad hacking, iPhone hacking, SSL Certificate, Wi-Fi HotSpot, Zero-Day Vulnerability | Comments (0)

Gogo In-flight Internet issues Fake SSL Certificates to its own Customers

January 6th, 2015

Gogo — one of the largest providers of in-flight Internet service — has been caught issuing fake SSL certificates, allowing the inflight broadband provider to launch man-in-the-middle (MITM) attacks on its own users, view passwords and other sensitive information.

The news came to light when security engineer Adrienne Porter Felt, who works on Google Chrome’s security team, was served the

Posted in Fake SSL Certificate, free ssl certificate, Gogo, Gogo Inflight Internet, hacking news, HTTPS, man-in-the-middle attack, SSL Certificate | Comments (0)