OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more

The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. What is OpenSSL? OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secu…

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed interest by organizations to reevaluate their supply chain security posture, lest t…

Organizations can no longer afford to overlook encrypted traffic

Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly…

Extending NDR visibility in AWS IaaS

By Vijit Nair, Sr. Director, Product Management, Corelight. Comprehensive visibility is challenging in a cloud environment. While these environments are rich sources of telemetry and logs, it is challenging for security teams to ensure that logging is c…

Three ways formal methods can scale for software security

Security is not like paint: it can’t just be applied after a system has been completed. Instead, security has to be built into the system design. But how can we know that a system design is secure against a particular attack? And how can we know that t…

2020 brings unique levels of PKI usage challenges

Organizations are rapidly increasing the size, scope and scale of their data protection infrastructure, reflected in dramatic rises in adoption of public key infrastructure (PKI) across enterprises worldwide, according to Entrust research. PKI is at th…

A look at the top threats inside malicious emails

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals. Ransomware, the headliner of the previous half-year, walked off stage: only…

Reduced lifespan of TLS certificates could cause increase in outages

Beginning September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less. According to security experts from Venafi, this latest change is another indication that machine identity lifetimes will continue to shrink. Since …

Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000

Companies are losing money to criminals who are launching Business Email Compromise (BEC) attacks as a more remunerative line of business than retail-accounts phishing, APWG reveals. High-ticket BEC attacks: Agari reported average wire transfer loss fro…

Chrome 86 will prominently warn about insecure forms on secure pages

Entering information into and submitting it through insecure online forms will come with very explicit warnings in the upcoming Chrome 86, Google has announced. The new alerts: The browser will show a warning when a user begins filling out a mixed form …