Transport Layer Security (TLS) - Security Intelligence

Two programmers working on security controls to detect black market tls/ssl certificates

article

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

Some of the latest website security threats originate from thriving dark web marketplaces for TLS/SSL certificates, which often come packaged with other cybercrime services.

April 11, 2019 | By Koen Van Impe

article

Woman using two-factor authentication on her phone to log in to computer

news

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.

January 15, 2019 | By Douglas Bonderud

news

Close-up of a browser window showing lock icon during SSL connection.

article

The Evolution of Digital Certificates

Digital certificates are used to authenticate both sides of a browser connection. It's a good first step, but certificates do not assure absolute trust.

July 25, 2017 | By Larry Loeb

article

news

Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass

The open source FreeRADIUS project recently patched a vulnerability that allowed malicious actors to bypass session authentication.

June 1, 2017 | By Douglas Bonderud

news

HEIST builds on the shoulders of previous attacks that used cryptographic schemes to advance their aims. The developers claim that HEIST can make an educated guess as to the plaintext contained in an encrypted message from the length of the message.

news

HEIST Uses a Cryptographic Scheme to Steal Data

Cybercriminals developed HEIST, or "HTTP Encrypted Information can be Stolen Through TCP-Windows," to steal data using a cryptographic scheme.

August 8, 2016 | By Larry Loeb

news

Web browsers are encouraging websites to shift from SHA-1 digital certificates to SHA-2 in an effort to increase security for all users and businesses. A related recommendation involves using modernized encryption standards for data protection.

article

Browser Vendors Are Shutting Down SHA-1 Digital Certificates

Web browsers are moving away from SHA-1 digital certificates, and organizations need to make sure they are in line with more secure measures.

May 26, 2016 | By Bill O'Donnell

article

Recent research found that certain programming languages may have trouble identifying a revoked TLS certificate, which puts security at risk. Luckily, there are remediation efforts that users can leverage to increase security.

news

Major Programming Languages Fail to Detect Revoked TLS Certificate

Identifying a revoked TLS certificate is impossible for versions of PHP, Python or similar languages because of faults in their underlying libraries.

April 4, 2016 | By Larry Loeb

news

Even websites that use HTTPS may not be secure due to poor implementation and servers with incorrect setups. Only 5 percent of servers use it correctly, leaving many users open to man-in-the-middle attacks, phishing campaigns and more.

news

The Five Percent: HTTPS Redirects Under Threat Thanks to Slow HSTS Adoption

Shifting to HTTPS is vital for websites, but many organizations are not implementing it properly and leave users at risk as a result.

March 21, 2016 | By Douglas Bonderud

news

Google has proven that it is committed to enhancing the security of all users through the use of widespread encryption and awareness techniques. The latest move comes in the form of alerts that signify when an email is unsecured.

news

Google Announces Plan to Flag Unsecured Emails

Google's Gmail now alerts users when they receive unsecured, unencrypted and unauthenticated emails in an attempt to increase security awareness.

February 10, 2016 | By Larry Loeb

news

HTTPS connections are growing in popularity across the Web. Google is even doubling down on its support of the security measure, having recently announced it will prefer the more secure pages in its search rankings even when an HTTP equivalent exists.

news

HTTPS Grabs Top Spot in New Search Ranking Rollout

HTTPS pages will now be preferred by default in Google's search indexing, even when an HTTP version of the website also exists.

December 21, 2015 | By Douglas Bonderud

news

Spear Phishing Report Card: Perfect Scores in School Security Pen Testing

Google 2FA Approach Turns Android Smartphones Into Security Keys

April Scams May Ruin Plans: Threat Actors Ramp Up for Tax Scam Season

Emotet Variants Hijack Existing Email Conversations to Distribute Malicious Links

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

How a Cunning Remote Overlay Malware Met Its Match

The US Is Slow to Adopt EHRs, But That Might Actually Be a Good Thing for Healthcare Security

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

Credential Dumping Campaign Hits Multinational Corporations

Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control

Podcast: Muscle Memory and Cyber Fitness Training

Podcast: Zero Trust and the Evolving Role of Identity and Access Management

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

Webinar: Encryption is the Fastest Way to Protect Data

Webinar: Under the Radar: Live Webinar and Demo

Webinar: Facilitating Secure Hybrid Cloud Adoption with Guardium

Webinar: Are you Ready to Demystify the Dark Web with IBM IRIS?

Tag: Transport Layer Security (TLS)

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks

The Evolution of Digital Certificates

Circling Back: FreeRADIUS Fix Cuts Off Authenticaton Bypass

HEIST Uses a Cryptographic Scheme to Steal Data

Browser Vendors Are Shutting Down SHA-1 Digital Certificates

Major Programming Languages Fail to Detect Revoked TLS Certificate

The Five Percent: HTTPS Redirects Under Threat Thanks to Slow HSTS Adoption

Google Announces Plan to Flag Unsecured Emails

HTTPS Grabs Top Spot in New Search Ranking Rollout