Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.
One of the largest certificate authorities announced that the vast majority of the top 1 million websites had replaced the digital certificates major browsers plan to phase out in the coming months.
Malicious actors are now turning the tables on encryption and leveraging SSL connections to create new cybersecurity threats that subvert detection tools.
According to a recent paper, threat actors are abusing the code signing process associated with public key infrastructure and evading antivirus detection.
Despite significant progress in the area of security certificates, many organizations still suffer preventable outages, according to a recent study.
Digital certificates are used to authenticate both sides of a browser connection. It's a good first step, but certificates do not assure absolute trust.
According to new guidelines, as of September 2017 SSL certificates will have to be checked against a dataset before they can be issued.
In response to alleged violations, Google announced that its Chrome web browser will not trust an SSL certificate from Symantec for more than 279 days.
Google launched its own root certificate authority as part of a push to implement the secure web protocol HTTPS across all its services and products.
GoDaddy had a SSL certificate security problem. A flawed authentication protocol caused the site to revoke 9,000 SSL certificates.