3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed …
Organizations can no longer afford to overlook encrypted traffic
Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic …
Three ways formal methods can scale for software security
Security is not like paint: it can’t just be applied after a system has been completed. Instead, security has to be built into the system design. But how can we know that a …
2020 brings unique levels of PKI usage challenges
Organizations are rapidly increasing the size, scope and scale of their data protection infrastructure, reflected in dramatic rises in adoption of public key infrastructure …
A look at the top threats inside malicious emails
Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB …
Reduced lifespan of TLS certificates could cause increase in outages
Beginning September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less. According to security experts from Venafi, this latest change is …
Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
Companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing, APWG …
Chrome 86 will prominently warn about insecure forms on secure pages
Entering information into and submitting it through insecure online forms will come with very explicit warnings in the upcoming Chrome 86, Google has announced. The new alerts …
TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys
For twelve years, the standard internet encryption has been Transport Layer Security (TLS) 1.2. Following its roots takes you back to the first version of the Secure Sockets …
Let’s Encrypt will revoke 3m+ TLS/SSL certificates
Starting with 20:00 UTC (3:00pm US EST), today (March 4), the non-profit certificate authority Let’s Encrypt will begin it’s effort to revoke a little over 3 …
Almost three-quarters of all phishing sites now use SSL protection
The total number of phishing sites detected by the Anti-Phishing Working Group (APWG) worldwide in October through December 2019 was 162,155, following the all-time-high of …
What is flowing through your enterprise network?
Since Edward Snowden’s revelations of sweeping internet surveillance by the NSA, the push to encrypt the web has been unrelenting. Bolstered by Google’s various initiatives …