DigiCert Blog

All posts under: Vulnerabilities

  1. OpenSSL Patches 14 Security Vulnerabilities

    Early this morning, the OpenSSL project team released three security patches—1.1.0a, 1.0.2i,  and 1.0.1u—for 14 security vulnerabilities discovered in OpenSSL. These three new patches fix one “high” severity, one “moderate” severity, and 12 “low” severity vulnerabilities. None of these bugs affect your SSL/TLS Certificates, and no actions are required related to SSL/TLS Certificate management. Source…


  2. Sweet32 Birthday Attack: What You Need to Know

    Today, researchers announced the Sweet32 Birthday attack, which affects the triple-DES cipher. Although the OpenSSL team rated the triple-DES vulnerability as low, they stated “triple-DES should now be considered as ‘bad’ as RC4.” DigiCert security experts as well as other security pros recommend disabling any triple-DES cipher on your servers. The Sweet32 Birthday attack does not affect…


  3. The Consequences of Domain Hijacking

    Domain hijacking is exactly what it sounds like. A hacker hijacks a domain by fraudulently transferring ownership of the domain over to him or herself. For this to work a hijacker needs to know a few key pieces of information: the domain registrar name for the victim domain, and the administrative email address and log…


  4. Understanding the Threat Landscape When Using the Cloud

    Many professionals are familiar with methods cybercriminals use to breach enterprise security, whether it is through phishing scams, DDoS attacks, social engineering, or another tactic. Cloud malware can be added to this list and is gaining more attention as more enterprises are using the cloud for business ventures. Enterprises turn to the cloud as a convenient…


  5. OpenSSL Patches Five Security Vulnerabilities

    Earlier this morning, the OpenSSL project team released two security patches—1.0.2h and 1.0.1t—for five security vulnerabilities discovered in OpenSSL. These two new patches fix one “high” severity and four “low” severity vulnerabilities. None of these bugs affect SSL Certificates. No actions related to SSL Certificate management are required. High Severity Vulnerabilities Memory corruption in the…