Security News

How to enable SSL on Ubuntu Linux for testing
2020-05-15 19:50

Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake-oil SSL key for testing purposes.

Cybercriminals increasingly using SSL certificates to spread malware
2020-04-07 13:00

Recent studies have shown that cybercriminals building phishing sites now use SSL as well, complicating efforts by enterprises to keep their employees safe. The Menlo Security research revealed that while 96.7% of all user-initiated web visits are being served over https, only 57.7% of the URL links in emails turn out to be https, which means that web proxies or firewall will be oblivious to the threats unless enterprises turn on SSL inspection.

Let’s Encrypt will revoke 3m+ TLS/SSL certificates
2020-03-04 12:00

Starting with 20:00 UTC, today, the non-profit certificate authority Let's Encrypt will begin it's effort to revoke a little over 3 million TLS/SSL certificates that it issued while a bug affected its CA software. "The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let's Encrypt."

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
2020-02-28 04:26

Let's Encrypt, a free, automated, and open certificate signing authority from the nonprofit Internet Security Research Group, has said it's issued a billion certificates since its launch in 2015. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day.

Almost three-quarters of all phishing sites now use SSL protection
2020-02-26 06:32

The total number of phishing sites detected by the Anti-Phishing Working Group worldwide in October through December 2019 was 162,155, following the all-time-high of 266,387 attacks recorded in July through September 2019. APWG contributor OpSec Security saw attacks against more than 325 different brands per month in Q4. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at OpSec Security, noted that the most frequent targets of phishing attacks continued to be Webmail, payment, and bank sites, but that "Phishing against Social Media targets grew every quarter of the year, doubling over the course of 2019.".

Sectigo Subscription SSL enables customers to purchase up to 5 years of protection
2019-10-25 02:00

Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, announced the availability of Sectigo Subscription SSL....

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
2019-10-14 11:35

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances...

Chinese APT Group Began Targeting SSL VPN Flaws in July
2019-09-06 14:03

Pulse Secure and Fortinet Released Critical Fixes Months Ago, But Patching LagsA hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious...

Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed
2019-09-01 14:45

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Cybersecurity in the age of the remote workforce Users can be set up for a productive experience while...

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys
2019-08-27 18:48

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information...