Secure Sockets Layer (SSL) - Security Intelligence

Two programmers working on security controls to detect black market tls/ssl certificates

article

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.

April 11, 2019 | By Koen Van Impe

article

A web browser showing an SSL certificate.

news

Cybercriminals Turn the Tables on Encryption to Develop New Cybersecurity Threats

Malicious actors are now turning the tables on encryption and leveraging SSL connections to create new cybersecurity threats that subvert detection tools.

February 9, 2018 | By Douglas Bonderud

news

Multiple graduates holding diplomas and certificates.

news

SSL Certificates Now Need Mandatory Authorization Checks

According to new guidelines, as of September 2017 SSL certificates will have to be checked against a dataset before they can be issued.

April 13, 2017 | By Larry Loeb

news

A cursor hovering over a secure lock in a URL.

news

GoDaddy Goofs Up on SSL Certificate Security

GoDaddy had a SSL certificate security problem. A flawed authentication protocol caused the site to revoke 9,000 SSL certificates.

January 16, 2017 | By Larry Loeb

news

Blue Coat found the monthly rate of malware occurrences to be stable compared to the spike in malware samples using SSL. It also found that the spike in C&C servers occurred earlier, suggesting preparation in advance of the 2015 holiday season attack.

news

SSL Use by Malware Samples Rises

Symantec's Blue Coat security firm recently discovered an alarming spike in malware samples utilizing SSL since October 2015.

August 16, 2016 | By Larry Loeb

news

HEIST builds on the shoulders of previous attacks that used cryptographic schemes to advance their aims. The developers claim that HEIST can make an educated guess as to the plaintext contained in an encrypted message from the length of the message.

news

HEIST Uses a Cryptographic Scheme to Steal Data

Cybercriminals developed HEIST, or "HTTP Encrypted Information can be Stolen Through TCP-Windows," to steal data using a cryptographic scheme.

August 8, 2016 | By Larry Loeb

news

Organizations and Web servers may be at risk of DROWNing. The DROWN vulnerability, which was recently discovered and disclosed by a team of security researchers, exploits holes in versions of OpenSSL and can be executed relatively cheaply.

news

OpenSSL Can Be DROWNed by New Vulnerability

OpenSSL is vulnerable to DROWN, an attack based on support for the obsolete SSLv2 protocol, which leaves OpenSSL programs at risk.

March 3, 2016 | By Larry Loeb

news

Security teams should be aware of the risks that may arise from the use of SSL VPN servers. While many believe these are the most secure options for an enterprise, there are a number of vulnerabilities that could cause problems down the road.

news

Secure Connections? Virtually All SSL VPN Servers Miss the Mark

A recent study from High-Tech Bridge indicated that the vast majority of SSL VPN servers are unsecured, and many are years behind the industry.

February 29, 2016 | By Douglas Bonderud

news

A recent study found that about half of major U.K. banks receive a failing grade when it comes to SSL security and data protection. Both organizations and their consumers must push for better information security measures if they want to remain safe.

news

Don’t Count On It: SSL Security Lacking at Big UK Banks

Recent research from one security firm found that SSL security was significantly lacking — and in some cases failing — at major banks around the U.K.

January 7, 2016 | By Douglas Bonderud

news

Symantec recently announced that it will no longer be using the VeriSign G1 root certificate to issue public code signing and TLS/SSL certificates. In response, Google has announced it won't trust Symantec's new root certificate on Chrome and Android.

news

Google No Longer Trusts Symantec’s Root Certificate

Google has recently announced it will not trust Symantec's new root certificate on Chrome, Android and other Google products.

December 15, 2015 | By Larry Loeb

news

Attackers Compromise Admin Account to Infect Manufacturing Company With BitPaymer Ransomware

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing

Google 2FA Approach Turns Android Smartphones Into Security Keys

April Scams May Ruin Plans: Threat Actors Ramp Up for Tax Scam Season

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

How a Cunning Remote Overlay Malware Met Its Match

The US Is Slow to Adopt EHRs, But That Might Actually Be a Good Thing for Healthcare Security

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

Credential Dumping Campaign Hits Multinational Corporations

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

Podcast: Muscle Memory and Cyber Fitness Training

Podcast: Zero Trust and the Evolving Role of Identity and Access Management

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

Webinar: MacOS Management Made Easy with MaaS360

Webinar: Encryption is the Fastest Way to Protect Data

Webinar: Under the Radar: Live Webinar and Demo

Webinar: Facilitating Secure Hybrid Cloud Adoption with Guardium

Tag: Secure Sockets Layer (SSL)

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Cybercriminals Turn the Tables on Encryption to Develop New Cybersecurity Threats

SSL Certificates Now Need Mandatory Authorization Checks

GoDaddy Goofs Up on SSL Certificate Security

SSL Use by Malware Samples Rises

HEIST Uses a Cryptographic Scheme to Steal Data

OpenSSL Can Be DROWNed by New Vulnerability

Secure Connections? Virtually All SSL VPN Servers Miss the Mark

Don’t Count On It: SSL Security Lacking at Big UK Banks

Google No Longer Trusts Symantec’s Root Certificate