Sale of SSL/TLS certificates on the dark web is rampant

There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found. TLS certificates are sold individually and packaged with a wide range of crimeware. Together these services deliver machine-id…

Enterprises are blind to over half of malware sent to their employees

As the use of SSL grows to the point where it’s the standard protocol, cybercriminals are increasingly using encryption to conceal and launch attacks. This has become possible because SSL certificates, which used to be difficult to obtain, are now read…

Android WebView: Are Secure Coding Practices Being Followed?

WebViews are very common in Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how secur…

6.8% of the top 100,000 websites still accept old, insecure SSL versions

Mac-based malware has appeared on the list of the top ten most common types of malware for the first time in WatchGuard’s quarterly Internet security report. The Mac scareware appeared in sixth place in WatchGuard’s latest Q3 2018 report and is primari…

Who’s trying to eavesdrop on your customers’ encrypted mobile traffic?

The number one source of TLS/SSL Man in the Middle (MitM) attacks on encrypted mobile traffic is not corporate firewalls or captive portals used by hotels, airports and other organizations offering free Wi-Fi access – it’s spyware. “A big chunk …

Chrome starts marking all HTTP sites as “Not secure”

If you’re using Google Chrome and you suddenly start seeing sites you usually visit labeled as “Not secure”, it’s because Google wants to push site owners to use HTTPS, i.e., encrypt the traffic passing from their visitors to th…

Make certificate visibility and security a part of your overall security program

In this podcast recorded at RSA Conference 2018, Asif Karel, Director of Product Management at Qualys, illustrates why certificate visibility and security should not just be bolted on but part of the solution, and he showcases how Qualys CertView can h…

Chrome to dynamically point out “Not secure” HTTP sites

Google expects HTTPS to become the default, and is preparing users for it by slowly moving Chrome towards showing only negative security indicators. Google’s own numbers showed back in February that 68% of Chrome traffic on both Android and Windo…

PCI DSS Version 3.2.1 Published by PCI Security Standards Council

The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations…