Endpoint malware attacks decline as campaigns spread wider

In Q2 2023, 95% of malware now arrives over encrypted connections, endpoint malware volumes are decreasing despite campaigns growing more widespread, ransomware detections are declining amid a rise in double-extortion attacks, and older software vulner…

The clock is ticking for businesses to prepare for mandated certificate automation

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. There could be significant changes within the Public Key Infrastructure (PKI) marketplace, the most pressing mat…

Unlocking internet’s secrets via monitoring, data collection, and analysis

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. This insight plays a vital role in protecting and empo…

Vulnerabilities in cryptographic libraries found through modern fuzzing

Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic…

Evaluating the use of encryption across the world’s top one million sites

A new report from security researcher and TLS expert Scott Helme evaluates the use of encryption across the world’s top one million sites over the last six months and reveals the need for a control plane to automate the management of machine identitie…

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm 2.0, the vulnerabilities stem from a similar design flaw identified in the T…

Widely used UPS devices can be hijacked and destroyed remotely

Three vulnerabilities in ubiquitous APC Smart-UPS (uninterruptible power supply) devices could allow remote attackers to use them as an attack vector, disable or completely destroy them, Armis researchers have discovered. The vulnerable devices, develo…

Implementing effective ways to exchange sensitive information using encryption

Digital communication, whether it is by email, phone call, SMS or video, is part of every organization’s business process, and as such requires encryption to stay secure. It’s not essential just for the sake of protecting shared data, but a…

Key drivers for the shift to public DNS resolvers

The European Union Agency for Cybersecurity (ENISA) analyses the security pros and cons of using public DNS resolvers. A core part of the internet is the Domain Name System (DNS) mechanism. All computers, internet browsers and other applications use DN…

EV certificate usage declining: Is the internet becoming more secure?

Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world’s top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Use of encryption is in…