Transport Layer Security (TLS) - Security Intelligence

Symantec recently announced that it will no longer be using the VeriSign G1 root certificate to issue public code signing and TLS/SSL certificates. In response, Google has announced it won't trust Symantec's new root certificate on Chrome and Android.

news

Google No Longer Trusts Symantec’s Root Certificate

Google has recently announced it will not trust Symantec's new root certificate on Chrome, Android and other Google products.

December 15, 2015 | By Larry Loeb

news

article

Testing Your SSL Encryption Can Provide Important Security Insights

New, free SSL encryption tests can show areas for improvement with regard to email protection and the best practices for maintaining application security.

December 15, 2015 | By David Strom

article

Cybercriminals are taking advantage of lax security practices on behalf of certificate authorities to acquire digital certificates for their malicious websites. The little green padlock that comes along with these certs could help trick users.

news

Duped Digital Certificates: Major CAs Accused of Fueling Fraudsters

CAs aren't keeping up their end of the bargain: According to Netcraft, many have been issuing digital certificates to scam websites.

October 15, 2015 | By Douglas Bonderud

news

Protecting data is always of paramount importance, and the need to secure information could encourage Internet users to switch from the RC4 encryption algorithm to other forms of protection — especially now that NOMORE attacks are entering the spotlight.

news

NOMORE Attack Method Shows RC4 May No Longer Be a Reliable Way to Encrypt Data

Researchers say it may be time to look beyond the RC4 algorithm to secure Web connections after they discovered an attack method called NOMORE.

July 22, 2015 | By Shane Schick

news

While it may be unrealistic to think the Web will ever be completely safe, a recent study found website vulnerabilities may be more prevalent than users could have imagined. The vast majority of online properties have at least one major security flaw.

news

Website Vulnerabilities Are Everywhere, and They’re Taking Too Long to Get Fixed

The results of a recent study showed there are website vulnerabilities in 86 percent of online properties, and many go neglected for far too long.

June 1, 2015 | By Shane Schick

news

Many websites are reportedly vulnerable to the POODLE exploit, which now works against certain TLS implementations. This exploit lets cybercriminals decrypt the contents of an encrypted session between a browser and a Web server under certain conditions.

news

Major Websites Remain Vulnerable to POODLE Attack

Many major websites are still vulnerable to the POODLE attack, which now works against certain Transport Layer Security (TLS) implementations.

December 10, 2014 | By Jaikumar Vijayan

news

Many of Baltimore’s City Services Still Offline Two Weeks After Ransomware Attack

Hundreds of Thousands of Users Targeted Daily With Would-Be WannaCry Imitators

Phishing Campaign Delivers Multi-Feature, Open-Source Babylon RAT

More Than 100 US Businesses Affected by Ryuk Ransomware Since August 2018, Finds FBI

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

High Stakes, Rising Risks: The Ripple Effects of Cybersecurity in the Healthcare Sector

Industrial Control Systems Security: To Test or Not to Test?

Challenges and Opportunities to Close the Cybersecurity Gap in the Financial Services Industry

GozNym Closure Comes in the Shape of a Europol and DOJ Arrest Operation

The Decline of Hacktivism: Attacks Drop 95 Percent Since 2015

Published Exploits for Accessing SAP Systems Put Security Teams on Alert

Penetration Testing Versus Red Teaming: Clearing the Confusion

Podcast: Lessons from a Gray Beard: Transitioning From the Military to Cybersecurity

Podcast: Foundations for a Winning Operational Technology (OT) Security Strategy

Podcast: ‘You Can Never Have Too Much Encryption’

Podcast: Automating Cyber Resilience Best Practices With Dr. Larry Ponemon

Webinar: Guardium Tech Talk: An Integrated Approach to Data Risk Management

Webinar: The Debrief: Using Tools and Methods From the Intelligence Community to Stop Threats to Your Organization

Webinar: Operational Technology Security in the Age of Digital Transformation

Webinar: Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Tag: Transport Layer Security (TLS)

Google No Longer Trusts Symantec’s Root Certificate

Testing Your SSL Encryption Can Provide Important Security Insights

Duped Digital Certificates: Major CAs Accused of Fueling Fraudsters

NOMORE Attack Method Shows RC4 May No Longer Be a Reliable Way to Encrypt Data

Website Vulnerabilities Are Everywhere, and They’re Taking Too Long to Get Fixed

Major Websites Remain Vulnerable to POODLE Attack