Security News

Cybercriminals increasingly using SSL certificates to spread malware
2020-04-07 13:00

Recent studies have shown that cybercriminals building phishing sites now use SSL as well, complicating efforts by enterprises to keep their employees safe. The Menlo Security research revealed that while 96.7% of all user-initiated web visits are served over HTTPS, only 57.7% of the URL links in emails turn out to be HTTPS, which means that web proxies or firewalls will be oblivious to the threats unless enterprises turn on SSL inspection.

Let’s Encrypt will revoke 3m+ TLS/SSL certificates
2020-03-04 12:00

Starting at 20:00 UTC today, the non-profit certificate authority Let's Encrypt will begin its effort to revoke a little over 3 million TLS/SSL certificates that it issued while a bug affected its CA software. "The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times. What this means in practice is that if a subscriber validated a domain name at time X, and the CAA records for that domain at time X allowed Let's Encrypt issuance, that subscriber would be able to issue a certificate containing that domain name until X+30 days, even if someone later installed CAA records on that domain name that prohibit issuance by Let's Encrypt."

Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
2020-02-28 04:26

Let's Encrypt, a free, automated, and open certificate signing authority from the nonprofit Internet Security Research Group, has said it's issued a billion certificates since its launch in 2015. Since late last year, Let's Encrypt has issued at least 1.2 million certificates each day.

Almost three-quarters of all phishing sites now use SSL protection
2020-02-26 06:32

The total number of phishing sites detected by the Anti-Phishing Working Group worldwide in October through December 2019 was 162,155, following the all-time high of 266,387 attacks recorded in July through September 2019. APWG contributor OpSec Security saw attacks against more than 325 different brands per month in Q4. Stefanie Wood Ellis, Anti-Fraud Product & Marketing Manager at OpSec Security, noted that the most frequent targets of phishing attacks continued to be Webmail, payment, and bank sites, but that "Phishing against Social Media targets grew every quarter of the year, doubling over the course of 2019."

Sectigo Subscription SSL enables customers to purchase up to 5 years of protection
2019-10-25 02:00

Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, announced the availability of Sectigo Subscription SSL....

Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
2019-10-14 11:35

We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington have analyzed 379 reported instances...

Chinese APT Group Began Targeting SSL VPN Flaws in July
2019-09-06 14:03

Pulse Secure and Fortinet Released Critical Fixes Months Ago, But Patching Lags. A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious...

Week in review: Mass iPhone hacking, SSL VPNs under attack, SOC analysts overwhelmed
2019-09-01 14:45

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Cybersecurity in the age of the remote workforce. Users can be set up for a productive experience while...

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys
2019-08-27 18:48

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information...

Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
2019-08-27 16:58

The issue impacts users of the vendor's Cloud WAF product.