PCI Security Standards Council publishes PCI DSS 3.2.1
PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and SSL/early TLS migration deadlines that have passed. No new requirements are added in PCI DSS …
Chrome will mark HTTP pages as “not secure”
Starting with Chrome 68, which is scheduled to be released in July 2018, Google will explicitly mark all HTTP sites as “not secure”: According to Google’s numbers, 68% …
Chrome site isolation option offers more security
Chrome 63, which was promoted to the stable release channel on Wednesday, comes with many security fixes and improvements, especially for the enterprise audience. Site …
Google to enforce HTTPS on TLDs it controls
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How …
Malicious content delivered over SSL/TLS has more than doubled in six months
Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that …
Manage SSL/TLS certificates across IT environments with Qualys CertView
Qualys announced CertView, a new app framework in the Qualys Cloud Platform that enables customers to discover, assess and manage SSL/TLS certificates on a global scale, …
TLS security: Past, present and future
The Transport Layer Security (TLS) protocol as it stands today has evolved from the Secure Sockets Layer (SSL) protocol from Netscape Communications and the Private …
Making HTTPS phishing sites easier to spot
For years, we taught users that a website’s URL that includes https at its very beginning is a relatively good indicator of whether they can safely input sensitive …
Breaking TLS: Good or bad for security?
As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their …
The HTTPS interception dilemma: Pros and cons
HTTPS is the bread-and-butter of online security. Strong cryptography that works on all devices without complicating things for users. Thanks to innovative projects like …
Inline SSL solution eliminates network blind spots
At RSA Conference 2017, Gigamon announced an expansion to its GigaSECURE SSL/TLS Decryption solution, with new inline capabilities, bringing enhanced visibility into encrypted …
The security impact of HTTPS interception in the wild
HTTPS deployment is on an upward trajectory, and this growth is accompanied by the increasing HTTPS interception and SSL inspection by enterprise-grade firewalls, web filters, …