-
Learn More
Signed Malware & Certification Revocation
A Blog Post from Sectigo
Blog Post Jun 04, 2019Why Sectigo revokes certificate used for signed malware, the process, the impacts on legitimate business using the certificates & CA tradeoffs faced.
-
Learn More
Sectigo Responds to Chronicle's Report About Malware Signed by...
A News Article from Sectigo
News Article May 25, 2019Following Chronicle’s study on signed malware registered on VirusTotal scanning service over a one-year period, Sectigo carried their own investigation to identify abused certificates and revoke them.
-
Learn More
Signed Malware Reports: Getting the Numbers Straight
A Blog Post from Sectigo
Blog Post May 24, 2019Recent reports of Comodo / Sectigo Code Signing certificates used for malware contain numbers that are difficult to understand and may lead to false conclusions. In this post we clarify the numbers behind the reported malware signing.
-
Learn More
Mass Certificate Revocation Shows Why Security Automation Matters
A News Article from Sectigo
News Article Apr 08, 2019Digital certificate industry experts have recently discovered a flaw in the certificate generation practices of several major CAs, which has resulted in millions of estimated active TLS/SSL certificates that are non-compliant with mandatory industry standards. These standards are engineered to protect cryptographic security as well as trustworthy identity information in public certificates.
-
Blog Post Sep 11, 2018
Phishing Incident Statements
On September 11, 2018, a cybersecurity firm reported that it uncovered malicious code injected into the British Airways website, indicating that the hackers in the recent British Airways supply chain phishing attack made use of an increasingly common tactic of using large websites to embed pieces of code from third-party suppliers.
-
Learn More
On Comodo CA’s Recent Revocation of an SSL Certificate for Stripe, Inc
A Blog Post from Sectigo
Blog Post Apr 18, 2018In March of 2018, Comodo CA revoked an SSL certificate issued to Stripe, Inc, a legal business entity incorporated in Kentucky. This certificate had originally been issued to blogger Ian Carroll as part of his effort to scrutinize how Extended Validation SSL certificates are treated in browsers. Ian spoke out on social media after revocation of his certificate, which brought his case to the attention of Comodo CA’s senior management team.