Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.
Malicious actors are now turning the tables on encryption and leveraging SSL connections to create new cybersecurity threats that subvert detection tools.
According to new guidelines, as of September 2017 SSL certificates will have to be checked against a dataset before they can be issued.
GoDaddy had a SSL certificate security problem. A flawed authentication protocol caused the site to revoke 9,000 SSL certificates.
Symantec's Blue Coat security firm recently discovered an alarming spike in malware samples utilizing SSL since October 2015.
Cybercriminals developed HEIST, or "HTTP Encrypted Information can be Stolen Through TCP-Windows," to steal data using a cryptographic scheme.
OpenSSL is vulnerable to DROWN, an attack based on support for the obsolete SSLv2 protocol, which leaves OpenSSL programs at risk.
A recent study from High-Tech Bridge indicated that the vast majority of SSL VPN servers are unsecured, and many are years behind the industry.
Recent research from one security firm found that SSL security was significantly lacking — and in some cases failing — at major banks around the U.K.
Google has recently announced it will not trust Symantec's new root certificate on Chrome, Android and other Google products.