While the use of HTTPS encryption is on the rise, the same is unfortunately true of attackers using it to mask their operations, according to a new report.
Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.
Cyber-criminals using the Terror exploit kit have recently starting using SSL certificates to help sneak the EK and its malware passed cyber-security staffers.
Increasingly sophisticated malware strains are using SSL to encrypt their activity with malicious SSL-encrypted content more than doubling in the last six months according to a study from Zscaler ThreatLabZ.
SSL inspection is much more widespread than previously thought and could help a MiTM attack, leading the US-CERT, part of the DHS in America, to issue a special advisory.
Microsoft patches configuration hole that allowed hackers to upload software packages to its Azure update infrastructure.
A fundamental fault in the SSL handshake could allow hackers to use subvert MacOS and iOS devices and recruit them into a DDoS attack.
Duncan Hughes explains how SSL decryption will increasingl be needed to ensure encrypted traffic does not become a facilitator for attackers.
Critical bug in patch means OPenSSL security fix needs fixing.
Businesses have learned to embrace economic globalisation and have expanded operations around the world. A new report from BitSight studies how entering new countries can bring on financial, operational and legal risks, including cyber-risks, to an organisation.
Whitehat's top 10 web hacking techniques of 2015 have been released and the freaks have topped the list.
One of the latest large scale web vulnerabilities, dubbed DROWN (Decrypting RSA with Obsolete and Weakened Encryption), again targets SSL.
Google has instituted a blacklist of untrustworthy certificates for use in the company's browser Chrome.
Researchers have demonstrated how encrypted comms traffic can be used to extract data on users' operating systems, browsers and applications.
Continuing exposure to DROWN vulnerability in cloud service providers could indicate deeper security issues and lackadaisical approach to software updates.
Robert Arandjelovic provides practical advice for CISOs, examining five of the most common network traffic inspections to protect against attacks that use security holes found in SSL encrypted traffic.
A new vulnerability could kill a certain kind of encryption for plenty of websites. An OpenSSL update has been rushed out to fix major flaw.
A coding error that transmits children's login details has been discovered in the mathematics e-leaning platform, Mathletics
As internet traffic is increasingly encrypted, so the need to inspect encrypted traffic grows as that's where the malware will be says Ron Symons, adding that the time to invest in such systems is now.
Dell's new threat report adds further evidence to support the observation that attackers are increasingly hiding activity within HTTPS.
A UK school technology supplier has committed to providing secure logins for a service used by many schools.
Researchers have discovered a new family of malware that hides behind legitimate digital certificates and spies on the infected device.
The latest In Case You Missed It (ICYMI) looks at Apple OS X vulnerability ranking; Banks still using SSL; GDPR agreed; Dutch oppose encryption backoors; Baltics boost national IT security
The generosity of the free TSL certificate non-profit, Let's Encrypt, has been abused by malvertising cyber-criminals
Security you can bank on? Not quite, according to inquiries by Mike Kemp, co-founder of Xiphos Research, who found that outdated SSL security is the norm.
The PCI SSC has pushed back the date by which members must change to a secure version of TLS (currently 1.1 or higher); the migration is being revised today and pushed back from June 2016 to June 2018.
This week's In Case You Missed It (ICYMI): Aviation risk warning; netgear patch delay; vulnerability disclosure -legal threats; android SMS malware variants; SSL weakness exploited for phishing.
Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.
Certificate and key errors are costing businesses dearly and undermining the global economy, according to a Ponemon/Venafi report.
Symantec have fired several staff members after they created unauthorised and potentially malicious Google SSL certificates