Fraudulent digital certificate for Google web properties used in active attacks
Posted on 03 January 2013.
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has been discovered by the Google Chrome Security Team.

Microsoft has been immediately notified of the matter and has moved to update its Certificate Trust list (CTL) and all its supported releases of Windows in order to remove the trust of that and two other certificates, as it appears that active attacks using the first certificates have been detected.

"TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com," they explained in a security advisory.

Users who don't have the automatic updater of revoked certificates enabled are advised to download and apply the latest system update, while Windows 8, Windows RT, Windows Server 2012, and Windows Phone 8 users needn't worry about that - their CTL will be updated automatically.






Spotlight

Targeted attack protection via network topology alteration

Posted on 17 October 2014.  |  This article from Trend Micro tackles how network topology can aid in defending the enterprise network from risks posed by targeted attacks.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //