Transport Layer Security (TLS) - Security Intelligence

Three professionals discuss DNSSEC security controls

article

Bind Certificates to Domain Names for Enhanced Security With DANE and DNSSEC

The biggest hurdle for implementing DANE lies with DNSSEC. Granted, setting up DNSSEC can be daunting, but the reward of a much higher level of DNS security can make it worth the effort.

June 3, 2019 | By Koen Van Impe

article

Two programmers working on security controls to detect black market tls/ssl certificates

article

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.

April 11, 2019 | By Koen Van Impe

article

Woman using two-factor authentication on her phone to log in to computer

news

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.

January 15, 2019 | By Douglas Bonderud

news

Close-up of a browser window showing lock icon during SSL connection.

article

The Evolution of Digital Certificates

Digital certificates are used to authenticate both sides of a browser connection. It's a good first step, but certificates do not assure absolute trust.

July 25, 2017 | By Larry Loeb

article

news

Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass

The open source FreeRADIUS project recently patched a vulnerability that allowed malicious actors to bypass session authentication.

June 1, 2017 | By Douglas Bonderud

news

HEIST builds on the shoulders of previous attacks that used cryptographic schemes to advance their aims. The developers claim that HEIST can make an educated guess as to the plaintext contained in an encrypted message from the length of the message.

news

HEIST Uses a Cryptographic Scheme to Steal Data

Cybercriminals developed HEIST, or "HTTP Encrypted Information can be Stolen Through TCP-Windows," to steal data using a cryptographic scheme.

August 8, 2016 | By Larry Loeb

news

Web browsers are encouraging websites to shift from SHA-1 digital certificates to SHA-2 in an effort to increase security for all users and businesses. A related recommendation involves using modernized encryption standards for data protection.

article

Browser Vendors Are Shutting Down SHA-1 Digital Certificates

Web browsers are moving away from SHA-1 digital certificates, and organizations need to make sure they are in line with more secure measures.

May 26, 2016 | By Bill O'Donnell

article

Recent research found that certain programming languages may have trouble identifying a revoked TLS certificate, which puts security at risk. Luckily, there are remediation efforts that users can leverage to increase security.

news

Major Programming Languages Fail to Detect Revoked TLS Certificate

Identifying a revoked TLS certificate is impossible for versions of PHP, Python or similar languages because of faults in their underlying libraries.

April 4, 2016 | By Larry Loeb

news

Even websites that use HTTPS may not be secure due to poor implementation and servers with incorrect setups. Only 5 percent of servers use it correctly, leaving many users open to man-in-the-middle attacks, phishing campaigns and more.

news

The Five Percent: HTTPS Redirects Under Threat Thanks to Slow HSTS Adoption

Shifting to HTTPS is vital for websites, but many organizations are not implementing it properly and leave users at risk as a result.

March 21, 2016 | By Douglas Bonderud

news

Google has proven that it is committed to enhancing the security of all users through the use of widespread encryption and awareness techniques. The latest move comes in the form of alerts that signify when an email is unsecured.

news

Google Announces Plan to Flag Unsecured Emails

Google's Gmail now alerts users when they receive unsecured, unencrypted and unauthenticated emails in an attempt to increase security awareness.

February 10, 2016 | By Larry Loeb

news

Free Decryption Tool Enables Victims of GandCrab Ransomware to Recover Their Files

Outlaw Threat Group Using Botnet to Distribute Monero Miner, Perl-Based Backdoor

InterPlanetary Storm Malware Using IPFS P2P Network to Hide Its Activities

Threat Actors Use Targeted Attack Tools to Distribute Cryptocurrency Miners, Ransomware

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

IoMT Security: A Comprehensive Approach to Mitigate Risk and Secure Connected Devices

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control

One Big Lesson From the Cyber Range to Help Solve Confirmation Bias

Observations of ITG07 Cyber Operations

Getting Quantum Ready and What This Means for Cryptography

Podcast: Development Agility and Open-Source Vulnerability Prioritization

Podcast: Lateral Movement: Combating High-Risk, Low-Noise Threats

Podcast: Travel Security: Why Data Safety Doesn’t Get a Day Off

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Webinar: Under the Radar: IBM QRadar Demo Series

Webinar: Appliance Networking Topics

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Webinar: zSecure Real Time Feeds: Alert vs. Audit

Tag: Transport Layer Security (TLS)

Bind Certificates to Domain Names for Enhanced Security With DANE and DNSSEC

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

The Evolution of Digital Certificates

Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass

HEIST Uses a Cryptographic Scheme to Steal Data

Browser Vendors Are Shutting Down SHA-1 Digital Certificates

Major Programming Languages Fail to Detect Revoked TLS Certificate

The Five Percent: HTTPS Redirects Under Threat Thanks to Slow HSTS Adoption

Google Announces Plan to Flag Unsecured Emails