Clik here to view.
Heartbleed Hype Left Enterprises Uninformed
In early April, the vulnerability known simply as “Heartbleed” became the latest rage. During the first week after discovery, the mainstream media aggresively reported on Heartbleed, stirring up a...
View ArticleClik here to view.
The Evolution of Threats against Keys and Certificates
In my blog post about the Heartbleed hype, I stress that threats against keys and certificates neither started with the Heartbleed vulnerability, nor certainly will end with it. Threats specifically...
View ArticleClik here to view.
Think You’re Done Remediating Heartbleed? Think Again!
OpenSSL has been highly publicized in the last few months—at least for the long standing bugs that have resulted in the complete breakdown of trust in the Internet and the way we do business! Of the...
View ArticleClik here to view.
Around 90% Are Not PCI DSS Compliant—Join Our PCI SIG Efforts for More...
This year, the Payment Card Industry Data Security Standard (PCI DSS) is ten years old. Happy birthday PCI DSS, ten years is a significant milestone. Yet the Verizon 2014 PCI Compliance Report reveals...
View ArticleClik here to view.
This Is Only a Test: Tabletop Simulations Prepare You for the Worst
P.F. Chang customers probably felt like they were taking a step back in time when cashiers ran their credit cards through ancient systems and handed them back carbon copy receipts to sign. But if the...
View ArticleClik here to view.
Taking Key and Certificate Security Analytics to the Next Level
It’s another exciting day at Venafi and another great product release! I am thrilled to announce the release and availability of Venafi Trust Protection Platform version 14.2. This release represents...
View ArticleAttack on Trust Threat Bulletin: Malicious Certificates Issued in India...
Situation On 8 July 2014 Google reported it had discovered certificates issued without authorization for the multiple Google-owned domains from the National Informatics Centre (NIC) Certificate...
View ArticleClik here to view.
Complying with Data Security Laws and Regulations? Congratulations, You’re...
PART I Is Compliance Really Just Complacence? You’ve built a thriving business, earned a powerful brand in the marketplace, and deliver goods and services around the globe with world-class speed and...
View ArticleClik here to view.
Black Hat 2013 Briefings Day 1 Report
The first day of Black Hat was all about the opening keynote: NSA Director General Keith Alexander’s opening stirred emotions but also shared some new insights in to NSA operations. Most interesting...
View ArticleClik here to view.
Black Hat 2013 Briefings Day 2 Report
The last day of briefings at Black Hat 2013 was full of new attacks that every enterprise needs to be aware of. The attacks on the trust that’s established by keys, certificates, and underlying...
View ArticleThe Cybercriminal’s New Weapon: Insights from Forrester Research Every IT...
In the 21st century, there’s probably one certainty in life beyond death and taxes: cybercriminals will use what we’ve trusted against us. From email to online banking, cybercriminals hijack what we...
View ArticleClik here to view.
Evolution of Cyber Attacks Infographic
16 years: from viruses, worms, DDoS, advanced persistent threats, to key and certificate-based attacks It used to be that programmers created and launched annoying but mild virus and spam malware to...
View ArticlePCI DSS 3.0 Sneak Peek
The Need for Greater Flexibility and an Evolving Threatscape Put Spotlight on Keys and Certificates The PCI Security Standard Council (SSC) recently previewed PCI DSS 3.0, the next update of the...
View ArticleClik here to view.
Gone in 60 Months or Less
Vendors enforcing a 60-month validity period will help organizations adhere to best practices For years, cybercriminals have been taking advantage of the blind trust organizations and users place in...
View ArticleClik here to view.
Reading the Cyber Attacker’s Playbook from across the Field
Picture this: Tom Brady and the New England Patriots offense are about to run a critical play against the Denver Broncos. A trip to the Championship Game is on the line. New England is on Denver’s...
View ArticleClik here to view.
Patching the Perpetual MD5 Vulnerability
Earlier this month, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate...
View ArticleClik here to view.
SSH – Does Your “Cloud Neighbor” Have an Open Backdoor to Your Cloud App?
Secure Shell (SSH) is the de facto protocol used by millions to authenticate to workloads running in the cloud and transfer data securely. Even more SSH sessions are established automatically between...
View ArticleClik here to view.
Broken Trust – Exposing the Malicious Use of Digital Certificates and...
Digital certificates and cryptographic keys are interwoven into our everyday lives. Think about it: from accessing the Wi-Fi hotspot at your local coffee shop to flying across the county in a new...
View ArticleClik here to view.
Infographic: How Snowden Breached the NSA
How Edward Snowden did it and is your enterprise next? There’s one secret that's still lurking at the NSA: How did Edward Snowden breach the world’s most sophisticated IT security organization? This...
View ArticleClik here to view.
Deciphering How Edward Snowden Breached the NSA
The importance of knowing exactly how Snowden breached security by attacking trust and an open invitation to correct us To date little real information exists publicly to explain how Edward Snowden...
View Article