SSL/TLS Archives - Help Net Security

SSL/TLS

The clock is ticking for businesses to prepare for mandated certificate automation

September 28, 2023

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. There could be significant changes …

Unlocking internet’s secrets via monitoring, data collection, and analysis

June 30, 2023

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound …

Vulnerabilities in cryptographic libraries found through modern fuzzing

January 13, 2023

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …

Evaluating the use of encryption across the world’s top one million sites

June 30, 2022

A new report from security researcher and TLS expert Scott Helme, evaluates the use of encryption across the world’s top one million sites over the last six months and reveals …

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

May 3, 2022

Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm …

Widely used UPS devices can be hijacked and destroyed remotely

March 8, 2022

Three vulnerabilities in ubiquitous APC Smart-UPS (uninterruptible power supply) devices could allow remote attackers to use them as an attack vector, disable or completely …

Implementing effective ways to exchange sensitive information using encryption

February 24, 2022

Digital communication, whether it is by email, phone call, SMS or video, is part of every organization’s business process, and as such requires encryption to stay …

Key drivers for the shift to public DNS resolvers

February 17, 2022

The European Union Agency for Cybersecurity (ENISA) analyses the security pros and cons of using public DNS resolvers. A core part of the internet is the Domain Name System …

EV certificate usage declining: Is the internet becoming more secure?

December 13, 2021

Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world’s top 1 million sites over the last 18 months shows …

Surge in cyber attacks confirms the need for zero trust security

November 4, 2021

Zscaler announced the release of a report that tracked and analyzed over 20 billion threats blocked over HTTPS, a protocol originally designed for secure communication over …

OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more

September 9, 2021

The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. What is OpenSSL? OpenSSL contain an open-source …

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

May 13, 2021

The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed …

SSL/TLS

The clock is ticking for businesses to prepare for mandated certificate automation

Unlocking internet’s secrets via monitoring, data collection, and analysis

Vulnerabilities in cryptographic libraries found through modern fuzzing

Evaluating the use of encryption across the world’s top one million sites

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

Widely used UPS devices can be hijacked and destroyed remotely

Implementing effective ways to exchange sensitive information using encryption

Key drivers for the shift to public DNS resolvers

EV certificate usage declining: Is the internet becoming more secure?

Surge in cyber attacks confirms the need for zero trust security

OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

Don't miss

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

Evolving conversations: Cybersecurity as a business risk

CISO’s compass: Mastering tech, inspiring teams, and confronting risk

GenAI in software surges despite risks

Chalk: Open-source software security and infrastructure visibility tool