Data Protection March 23, 2020

Crypto-Risk: Your Data Security Blind Spot

4 min read - Start thinking about what your organization can do to manage crypto-risk before today's encryption and security measures fall prey to tomorrow's attackers and advanced computing tools.

Data Protection June 3, 2019

Bind Certificates to Domain Names for Enhanced Security With DANE and DNSSEC

7 min read - The biggest hurdle for implementing DANE lies with DNSSEC. Granted, setting up DNSSEC can be daunting, but the reward of a much higher level of DNS security can make it worth the effort.

Identity & Access April 11, 2019

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

6 min read - Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.

January 15, 2019

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

2 min read - A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.

Fraud Protection July 25, 2017

The Evolution of Digital Certificates

3 min read - Digital certificates are used to authenticate both sides of a browser connection. It's a good first step, but certificates do not assure absolute trust.

June 1, 2017

Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass

2 min read - The open source FreeRADIUS project recently patched a vulnerability that allowed malicious actors to bypass session authentication.

August 8, 2016

HEIST Uses a Cryptographic Scheme to Steal Data

2 min read - Cybercriminals developed HEIST, or "HTTP Encrypted Information can be Stolen Through TCP-Windows," to steal data using a cryptographic scheme.

Software Vulnerabilities May 26, 2016

Browser Vendors Are Shutting Down SHA-1 Digital Certificates

2 min read - Web browsers are moving away from SHA-1 digital certificates, and organizations need to make sure they are in line with more secure measures.

April 4, 2016

Major Programming Languages Fail to Detect Revoked TLS Certificate

2 min read - Identifying a revoked TLS certificate is impossible for versions of PHP, Python or similar languages because of faults in their underlying libraries.

March 21, 2016

The Five Percent: HTTPS Redirects Under Threat Thanks to Slow HSTS Adoption

2 min read - Shifting to HTTPS is vital for websites, but many organizations are not implementing it properly and leave users at risk as a result.