A new active attack using phony Google digital certificates accidentally issued by a Turkish certificate authority (CA) known as TURKTRUST is making the rounds, affecting Firefox, Google Chrome and Internet Explorer users.
An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but they actually contain malicious content or software.
“An intermediate certificate that is used for [man in the middle] allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website,” explained Michael Coates, Mozilla's director of security assurance, adding that users will get a Firefox update Jan. 8. “Additionally, if the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control.”
In response, Microsoft, Google and Mozilla have all revoked trust in the two digital certificates, one of which was initially discovered on Christmas Eve by Google. The search giant updated Chrome’s certificate revocation metadata on Christmas to block that intermediate CA, and then alerted the TURKTRUST and the other browser vendors. On December 26, it pushed another Chrome metadata update to block the second mistaken CA certificate.[/b]
http://www.infosecurity-magazine.com/view/30065/microsoft-mozilla-and-google-block-fake-google-digital-certificates/
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign
RCE Vulnerability in qBittorrent’s SSL Handling Patched After 14 Years
Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back