Organizations still struggle to manage foundational security
Regulatory measures such as GDPR put focus on data privacy at design, tightening requirements and guiding IT security controls like Public Key Infrastructure (PKI). Continued …
certificates
Fake alerts about outdated security certificates lead to malware
Cyber criminals have been trying out a new approach for delivering malware: fake alerts about outdated security certificates, complete with an “Install …
Let’s Encrypt will revoke 3m+ TLS/SSL certificates
Starting with 20:00 UTC (3:00pm US EST), today (March 4), the non-profit certificate authority Let’s Encrypt will begin it’s effort to revoke a little over 3 …
Only 54% of security pros have a written policy on length and randomness for keys for machine identities
People rely on usernames and passwords to identify themselves to machines so they can gain access to data and services. Machines also need to authenticate themselves to each …
Most DevOps pros feel proper certificate issuance policies slow them down
75% of DevOps professionals are concerned that policies for issuing certificates slow down development, and over a third (39%) believe developers should be able to circumvent …
Trusted certificates make phishing websites appear valid
There has been a rampant growth of look-alike domains, which are often used to steal sensitive data from online shoppers. Venafi analyzed suspicious domains targeting 20 major …
The promise and peril of post quantum computing
In this Help Net Security podcast, Avesta Hojjati, Head of R&D at DigiCert, talks about the security implications of post quantum computing. Here’s a transcript of the …
How seriously are businesses taking their PKI security?
While most enterprises demonstrate a committed effort towards maintaining a well-rounded PKI setup, they still fall short in several key categories. The post-Black Hat survey …
Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington …
The probability that an EV SSL certificate is associated with a bad domain is 0.013%
In 2018, phishing attacks were attempted 482.5 million times, more than doubling the number of incidents in 2017. New research conducted by the Georgia Institute of Technology …
Certificate-related outages impact the reputation of financial services organizations
Financial services organizations are more likely to have digital certificate-related outages than other industries, a Venafi study reveals. Over 100 CIOs in the financial …
Code signing keys and certificates are crucial security assets, are you protecting them?
Only 28 percent of organizations consistently enforce a defined security process for code signing certificates, a Venafi study of over 320 security professionals in the U.S., …
