Hacker Tricked SSL.com To Get Certificate Issued for Alibaba

A prominent certificate authority (SSL.com) has disclosed a significant security vulnerability in its domain validation system that could allow attackers to obtain fraudulent SSL certificates for domains they don’t own. SSL.com’s validation system incorrectly marked the hostname of an approver’s email address as a verified domain, a serious departure from proper security protocols.

“SSL.com verified and issued aliyun.com…. I’m not administrator, admin, hostmaster, postmaster, or webmaster of aliyun.com. and also, _validation-contactemail with the value of my email is never configured for aliyun.com. So, this is wrong,” the researcher said.

The ability to obtain fraudulent certificates could potentially allow attackers to impersonate legitimate websites, conduct man-in-the-middle attacks, or intercept encrypted communications.

Rebecca Kelley, assigned to handle the incident, announced that the company had “disabled domain validation method 3.2.2.4.14 that was used in the bug report for all SSL/TLS certificates” while they investigated the issue.

This event underscores the need for ongoing vigilance from both certificate authorities and domain owners, as well as the importance of rapid detection and remediation of vulnerabilities to maintain confidence in the public key infrastructure that secures the internet.
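The scoping error described above, modelled offline as an added example (it is not SSL.com's code and does not come from the article): a hypothetical `ValidationLedger` records a completed email-to-DNS-TXT-contact validation, once with the flaw and once with the scope limited to the requested domain. The class and function names, the `.example` domains and the rule that a validated domain also covers its subdomains are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


def norm(name: str) -> str:
    return name.strip().lower().rstrip(".")


def email_host(address: str) -> str:
    local, sep, host = address.strip().rpartition("@")
    if not (local and sep and host):
        raise ValueError(f"not an email address: {address!r}")
    return norm(host)


@dataclass
class ValidationLedger:
    """Hypothetical CA-side record of which domains have passed validation."""
    scope_bug: bool = False      # True reproduces the flaw the article describes
    verified: set = field(default_factory=set)

    def complete_email_dcv(self, requested_domain, txt_contacts, approver_email):
        """Record a challenge answered by approver_email.

        txt_contacts: addresses published in the TXT record at
        _validation-contactemail.<requested_domain>, looked up by the caller.
        """
        approver = approver_email.strip().lower()
        if approver not in {c.strip().lower() for c in txt_contacts}:
            return False         # approver is not a published contact: nothing verified
        # Correct scope: only the domain whose DNS carried the contact record.
        self.verified.add(norm(requested_domain))
        if self.scope_bug:
            # Flaw: the host part of the approver's mailbox is marked verified too.
            self.verified.add(email_host(approver))
        return True

    def may_issue(self, fqdn):
        # Assumption: a validated domain covers its subdomains, matched on whole labels.
        name = norm(fqdn)
        return any(name == d or name.endswith("." + d) for d in self.verified)


def demo(scope_bug):
    # Constructed data: the requester's zone lists a contact mailbox hosted elsewhere.
    ledger = ValidationLedger(scope_bug=scope_bug)
    ledger.complete_email_dcv("requester.example", ["ops@mailhost.example"],
                              "ops@mailhost.example")
    names = ("requester.example", "www.requester.example",
             "mailhost.example", "notrequester.example")
    return {n: ledger.may_issue(n) for n in names}
```

A regression test for this class of bug asserts that, after any completed validation, the verified set contains the requested domain and nothing derived from the approver's address.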

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Apr 2025 13:20:14 +0000

