Security Alerts & News
by Tymoteusz A. Góral

History
#2159 Researcher says API flaw exposed Symantec certificates, including private keys
Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend.

The researcher said he discovered this issue two years ago, in 2015, and agreed to a process called "limited non-disclosure," as Symantec said it would take at least two years to fix the issues, during which they asked Byrne to not disclose any details to the public.

"I agreed to limited non-disclosure of the issue, unless I felt it was critically necessary, or it would be unethical or irresponsible for me not to disclose," said Byrne, "for example, if there were a threat to national security, or I discovered a compromise of a client, or any actual criminal compromise arising from it, etc.."
Read more
#2161 Ransomware scammers exploited Safari bug to extort porn-viewing iOS users
#2160 Apple pushes security update to OSX Yosemite and ElCapitan
#2159 Researcher says API flaw exposed Symantec certificates, including private keys
#2158 Alleged vDOS owners poised to stand trial
#2157 Nokia to smartphone owners: Malware infections are far higher than you think
#2156 Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12