Trustico, a reseller of SSL certificates, has admitted to storing the private keys of some of the SSL certificates it issued to its customers over the past years.
Over 23,000 users will have their SSL certificates revoked by tomorrow morning, March 1, in an incident between two companies —Trustico and DigiCert— that is likely to have a huge impact on the CA (Certificate Authority) industry as a whole in the coming months.
There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one.
Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected.
The Savitech USB audio driver installation package will install a root CA certificate into the Windows trusted root certificate store, in an incident that's reminiscent of the Superfish and eDellRoot episodes from 2015 and 2016, respectively.
Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys."
A new Trojan called CertLock blocks Windows security vendor's programs from being installed or running by blocking their certificates in Windows. This is a continuing trend where adware and unwanted program purveyors are installing protection programs to try and block users from cleaning their computers.