A group of mysterious hackers has carried out a clever supply chain attack against Vietnamese private companies and government agencies by inserting malware inside an official government software toolkit. From a report: The attack, discovered by security firm ESET and detailed in a report named “Operation SignSight,” targeted the Vietnam Government Certification Authority (VGCA), the government organization that issues digital certificates…
Tag: digital certificates
Microsoft To Remove All SHA-1 Windows Downloads Next Week
Microsoft announced this week plans to remove all Windows-related file downloads from the Microsoft Download Center that are cryptographically signed with the Secure Hash Algorithm 1 (SHA-1). From a report: The files will be removed next Monday, on August 3, the company said on Tuesday. The OS maker cited the security of the SHA-1 algorithm for the move. “SHA-1 is a…
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Brian Krebs: Sources tell KrebsOnSecurity that Microsoft is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet…
Russian Malware ‘Patches’ Chrome and Firefox To Fingerprint TLS Traffic
An anonymous reader quotes ZDNet: A Russian cyber-espionage hacker group has been spotted using a novel technique that involves patching locally installed browsers like Chrome and Firefox in order to modify the browsers’ internal components. The end goal of these modifications is to alter the way the two browsers set up HTTPS connections, and add a per-victim fingerprint for the TLS-encrypted…