How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs

Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service.



Digital certificates are the backbone of our secure Internet, which protects sensitive information and communication, as well as authenticate systems and Internet users.



The

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Hard time for mobile phone users!

Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively.

And now:

Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction.



Researchers at Palo Alto Networks have uncovered a

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration (NASA).



Yes! This time, a serious hacktivism had been triggered by the Hacking group named "AnonSec" who made their presence in the cyber universe by previous NASA Hacks.



The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol.



The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks.



What Causes the Flaw to occur?

Kazakhstan makes it Mandatory for its Citizens to Install Internet Backdoor

Next in the queue, Kazakhstan is also planning to Spy on encrypted Internet Traffic of its citizens, but in the most shameless way.



Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus security certs on their PCs and mobile devices, allowing the 'Dictator' Government to:



Intercept

How Hackers Can Hack Your Chip-and-PIN Credit Cards

October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer.



Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit

Exploiting Browser Cookies to Bypass HTTPS and Steal Private Information

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks.



The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as "Browser Cookies," allowing…



…remote attackers to bypass secure HTTPS

Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

If you think that the patches delivered through Windows update can not be laced with malware, think again.



Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations.



Security researchers from UK-based security firm ‘Context’ have discovered a way to exploit insecurely configured implementations of Windows Server Update

Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers

A critical vulnerability resides in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks.



AFNetworking is a popular open-source code library that lets developers drop networking capabilities into their iOS and OS X products. But, it fails to check the domain name for which the SSL

18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users’ credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10.



This vulnerability in Windows was first discovered 20 Years ago:



The critical bug, dubbed "Redirect to SMB," is a

'Google VPN' in-built Hidden Service spotted in Android 5.1

Good news for all Android Lollipop-ers! Google appears to be secretly working on a Virtual Private Network (VPN) service, dubbed 'Google VPN'.



The news is still not confirmed, but the folks at Pocketables discovered an interesting hidden app called "Google Connectivity Services" under "All Apps" in the app manager, while digging through settings and apps after installing the latest version

'FREAK' — New SSL/TLS Vulnerability Explained

Another new widespread and disastrous SSL/TLS vulnerability has been uncovered that for over a decade left Millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly 'secured' websites, including the official websites of the White House, FBI and National Security Agency.



Dubbed the "FREAK" vulnerability (

Lenovo Admits and Released an Automatic Superfish Removal Tool

The computer giant Lenovo has released a tool to remove the dangerous "SuperFish" adware program that the company had pre-installed onto many of its consumer-grade Lenovo laptops sold before January 2015.
The Superfish removal tool comes few days after the story broke about the nasty Superfish malware that has capability to sneakily intercept and decrypt HTTPS connections, tamper with pages in

Lenovo Shipping PCs with Pre-Installed 'Superfish Malware' that Kills HTTPS

One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks.



The software, dubbed ‘Superfish Malware’, analyzes users’ Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet