Clik here to view.
The Demise of 1024-bit Certificates
Nearly everyone understands the need to use data encryption to protect data both in transit and at rest, but I have found that there is some confusion about the strength of the key that is used to...
View ArticleClik here to view.
Controlling the Wild West of Mobile
Mobile. It’s the new normal. Never in the history of the world has a technology changed the way we work, live, and play in such a short period of time. Think back 20 years. In 1993, we faxed important...
View ArticleClik here to view.
2020 Hindsight Starts Today
I’m pretty sure that all who read this blog will agree: traditional prevention-centric security models are becoming less and less effective each day, while conversely, people- and information-centric...
View ArticleClik here to view.
Are MDM solutions sufficient to secure your mobile environments?
Mobile Device Management (MDM) solutions have served as the point of the spear in the mobile arms race. The question is, “Are they sufficient to ensure the security of your mobile environment?” MDM...
View ArticleClik here to view.
What Is a Trusted Threat?
Last month I co-presented a webinar with ISIGHT Partners, a leader in cyber-threat intelligence, to discuss a white paper that exposes how keys and certificates can be used for nefarious intentions....
View ArticleMobile Certificate Vulnerabilities and Why IT Security is Losing Control
Enterprises are turning to certificates to secure mobile devices, applications, and users, rather than relying on less secure authentication methods such as usernames and passwords. Digital...
View ArticleAnomaly Detection, Knowing Normal Is the Key to Business Trust and Success
Threats and attacks are steadily increasing, and business executives face new challenges with trust exploits. While organizations adopt cloud computing and allow employee-owned devices onto the...
View ArticleClik here to view.
Patching the Perpetual MD5 Vulnerability
Last year, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate program....
View ArticleClik here to view.
Fake SSL Certificates Uncovered: The Tip of the Iceberg and Weaponized Trust
Cybercriminals are moving faster than we think to weaponize the core element of trust on the Internet: digital certificates. The many fake certificates identified by Netcraft are just the tip of the...
View ArticleClik here to view.
Infographic: New Ponemon SSH Security Vulnerability Report
Global organizations are under attack, and the attackers are more dangerous and persistent than ever. While the motivations vary, the goal of today’s cybercriminal is to become and remain trusted on...
View ArticleClik here to view.
You’re Already Compromised: Exposing SSH as an Attack Vector
Before the Snowden breach, the average person rarely thought about encryption. Last year, however, encryption was at the forefront of everyone’s mind. People wanted to know what Edward Snowden...
View ArticleClik here to view.
The Mask, Attacks on Trust, and Game Over
Breached Enterprises Will Be Owned by The Mask operation for Years to Come For over a year, Venafi has been charting the course of attacks on the trust established by keys and certificates. The...
View ArticleClik here to view.
The Evolution of Mobile Malware: Digitally Signed Malware Creates an Illusion...
Because cyber-criminals always seem to find new ways to circumvent traditional security measures, the threat landscape is constantly changing. A McAfee Labs Threat Report in Q3 2013 revealed an...
View ArticleClik here to view.
RSA Conference 2014: Recap and Attendee Vulnerability Survey
I’ve been attending RSA for many years now, each year it seems to get bigger and better. This year a record breaking 28,500 attendees were in San Francisco to learn how to stop cyber-criminals in their...
View ArticleClik here to view.
Preventing Your Webservers from Becoming Phishing Sites
Despite many cyber-security advances over the last 20 years, well-known cyber-criminal exploits like phishing still pose pervasive threats. Phishing scams remain effective because they prey on human...
View ArticleClik here to view.
March Madness & The Surge of Attacks on Trust
I’m certainly not what you would call an avid NCAA college basketball fan. But each March, the brilliant folks at CBS suck me in with this wonderfully hypnotic theme song for the NCAA Men’s Basketball...
View ArticleClik here to view.
I Hunt Sys Admins’ SSH
SSH keys again confirmed as a favorite target for advanced attackers - how will IT security fight back? Newly leaked NSA documents from Edward Snowden, entitled “I Hunt Sys Admins” show that...
View ArticleClik here to view.
Windigo: Another Multi-Year APT Targets SSH Credentials
Last month, ESET, a leading IT security company, published a detailed analysis of operation Windigo. This operation, active since 2011, has compromised over 25,000 Linux and Unix webservers....
View ArticleClik here to view.
Why Should You Update Your Trusted CAs and Enforce Certificate Whitelists?
Your organization’s policies—or lack of policies—regarding trusted root CA certificates are exposing you to unnecessary risk. Because certificates serve as credentials for so many mission-critical...
View ArticleClik here to view.
FTC recognizes value of trust established by SSL and digital certificates
Attacks on digital certificates and trusted connections drive FTC to action Recognizing that the trust established by Secure Sockets Layer (SSL) and digital certificates plays an important role in...
View Article