Security News

LinkedIn Allowed TLS Certificate to Expire—Again
2019-05-22 15:43

Microsoft-owned social media giant LinkedIn has once again put user data and privacy at risk by allowing a TLS certificate to expire. read more

Android Q Enables TLS 1.3 Support by Default
2019-05-10 15:19

The latest Android iteration (Android Q) arrives with TLS 1.3 support enabled by default, as well as with other security improvements, Google announced this week.  read more

Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project
2019-03-22 20:22

Users of the open-source project should upgrade immediately.

Facebook Pays Big Bounty for DoS Flaw in Fizz TLS Library
2019-03-21 16:18

While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting...

Open-source 64-ish-bit serial number gen snafu sparks TLS security cert revoke runaround
2019-03-13 18:12

64 bits of cert ID on the wall, 64 bits of ID. Take the top bit down, don't pass it around, 63 bits of cert ID on the wall... A bunfight over a controversial UAE mobile security company led to the...

Open-source keygen snafu sparks 63-bit TLS cert revoke runaround
2019-03-13 18:12

What a difference a bit makes. 64 little flowers... brought the revokes and the scowls A mailing list bunfight over a controversial UAE mobile security company led to the discovery that millions...

Week in review: Critical Chrome zero-day, TLS certs for sale on dark web, RSA Conference 2019
2019-03-10 19:30

Here’s an overview of some of last week’s most interesting news and articles: RSA Conference 2018 coverage Check out what you missed at the infosec event of the year. How malware traverses your...

Study Finds Rampant Sale of SSL/TLS Certificates on Dark Web
2019-03-07 16:59

SSL and TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi, a company specializing in the protection of...

Sale of SSL/TLS certificates on the dark web is rampant
2019-03-06 09:43

There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found. TLS certificates are sold individually and packaged with a wide range...

RSAC 2019: TLS Markets Flourish on the Dark Web
2019-03-06 08:01

The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors.