How seriously are businesses taking their PKI security?
While most enterprises demonstrate a committed effort towards maintaining a well-rounded PKI setup, they still fall short in several key categories. The post-Black Hat survey …
certificates
Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington …
The probability that an EV SSL certificate is associated with a bad domain is 0.013%
In 2018, phishing attacks were attempted 482.5 million times, more than doubling the number of incidents in 2017. New research conducted by the Georgia Institute of Technology …
Certificate-related outages impact the reputation of financial services organizations
Financial services organizations are more likely to have digital certificate-related outages than other industries, a Venafi study reveals. Over 100 CIOs in the financial …
Code signing keys and certificates are crucial security assets, are you protecting them?
Only 28 percent of organizations consistently enforce a defined security process for code signing certificates, a Venafi study of over 320 security professionals in the U.S., …
PII capturing websites still applying poor security measures one year after GDPR
One year after the EU General Data Protection Regulation (GDPR) went into effect, 1 in 10 PII capturing websites belonging to the top 10 UK financial services organizations …
CIOs admit certificate-related outages routinely impact critical business applications and services
Certificate-related outages harm the reliability and availability of vital network systems and services while also being extremely difficult to diagnose and remediate. …
Cybercriminals are increasingly using encryption to conceal and launch attacks
In this Help Net Security podcast, Deepen Desai, VP Security Research & Operations at Zscaler, talks about the latest Zscaler Cloud Security Insight Report, which focuses …
Attackers compromised ASUS to deliver backdoored software updates
Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of …
Sale of SSL/TLS certificates on the dark web is rampant
There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found. TLS certificates are sold individually and …
74% of organizations face outages due to expired certificates
As information security budgets grow and funds are allocated to protect the defensive perimeter, many companies have overlooked the critical importance of digital certificate …
Google also abused its Apple developer certificate to collect iOS user data
It turns out that Google, like Facebook, abused its Apple Enterprise Developer Certificate to distribute a data collection app to iOS users, in direct contravention of …