82 matches found
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
EUVD-2026-35984
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
CVE-2026-29114
The CVE-2026-29114 entry describes a vulnerability in some Dahua products where an attacker may obtain the device’s CA root certificate. If that CA is trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain. Th...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
Dahua IPC 安全漏洞
Dahua IPC is a series of industrial control computers produced by Dahua Corporation in China. There is a security vulnerability in Dahua IPC. This vulnerability stems from the possibility of obtaining the CA root certificate. If this CA is installed and trusted on the client system, an attacker c...
PT-2026-48383
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
Exposing Fox Tempest: A malware-signing service operation
In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...
PT-2025-49107
Name of the Vulnerable Software and Affected Versions Step CA affected versions not specified Description A critical issue in Step CA allows for unauthenticated bypass, enabling the issuance of fraudulent certificates. This compromises trust in potentially millions of sites. The issue allows...
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy...
SSL.com Vulnerability Allowed Fraudulent SSL Certificates for Major Domains
An SSL.com vulnerability allowed attackers to issue valid SSL certificates for major domains by exploiting a bug in…...
Debian: Security Advisory (DSA-2203)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Venafi to Launch Certificate Transparency Log
Three weeks after the first non-Google public log for Certificate Transparency was launched by DigiCert, officials at Venafi said that the company plans to debut its own public CT log. On Jan. 1 Google approved the use of DigiCert’s log, the first CT log that is independent and not operated by...
Certificate Transparency Moves Forward With First Independent Log
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicat...
Mozilla to Support Key Pinning in Firefox 32
Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla’s own sites, all of the sites pinned in...
Google Constrains India CCA Root Cert in Wake of Bad Google and Yahoo Certificates
The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA’s root...
Mozilla Asks CAs for Details on Subordinate Certificate Controls
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate...
Oracle Linux 6 : ca-certificates (ELSA-2011-1248)
From Red Hat Security Advisory 2011:1248 : An updated ca-certificates package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. This package contains the set of CA certificat...
Fraudulent digital certificates issued by TURKTRUST Inc.
...
Microsoft Releases Security Advisory on Fraudulent Digital Certificates
Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects al...