Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …
Evaluating the use of encryption across the world’s top one million sites
A new report from security researcher and TLS expert Scott Helme, evaluates the use of encryption across the world’s top one million sites over the last six months and reveals …
TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches
Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm …
Widely used UPS devices can be hijacked and destroyed remotely
Three vulnerabilities in ubiquitous APC Smart-UPS (uninterruptible power supply) devices could allow remote attackers to use them as an attack vector, disable or completely …
Implementing effective ways to exchange sensitive information using encryption
Digital communication, whether it is by email, phone call, SMS or video, is part of every organization’s business process, and as such requires encryption to stay …
Key drivers for the shift to public DNS resolvers
The European Union Agency for Cybersecurity (ENISA) analyses the security pros and cons of using public DNS resolvers. A core part of the internet is the Domain Name System …
EV certificate usage declining: Is the internet becoming more secure?
Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world’s top 1 million sites over the last 18 months shows …
Surge in cyber attacks confirms the need for zero trust security
Zscaler announced the release of a report that tracked and analyzed over 20 billion threats blocked over HTTPS, a protocol originally designed for secure communication over …
OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. What is OpenSSL? OpenSSL contain an open-source …
3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed …
Organizations can no longer afford to overlook encrypted traffic
Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic …
Three ways formal methods can scale for software security
Security is not like paint: it can’t just be applied after a system has been completed. Instead, security has to be built into the system design. But how can we know that a …