Mad Max Here We Come: Heartbleed shows how much we blindly trust keys and...
Updating Following Demonstration of Successful Private Key Extraction Exploit The race is on to respond and remediate by replacing ALL keys and certificates in use with millions of applications because...
Heartbleed Remediation: Replace ALL Keys and Certificates
Response is not complete until trust is re-established By now most organizations have responded to the Heartbleed vulnerability by patching vulnerable systems. Good. The next step must be to replace...
The World is Failing to Remediate the Heartbleed Vulnerability
Time is running out to change keys and certificates or else… The world appears to be failing to respond to the Heartbleed vulnerability. In fact well under 16% of vulnerable keys and certificates have...
Remediating Heartbleed with Next-Generation Trust Protection
Heartbleed Impact The Heartbleed vulnerability unequivocally demonstrates the impact a single vulnerability has on all organizations when keys and certificates are exposed. Cyber-criminals have...
Don’t Be Blinded by the Next Heartbleed
Organizations—from service providers, banks, and retailers to government agencies—were recently blindsided by the Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library,...
Responding to New SSL Cybersecurity Threats — Gartner Featured Research
When it comes to defending against advanced threats that take advantage of keys and certificates, most organizations have a gaping hole in their security strategy. Cyber criminals on the other hand...
Self-Signed Certificates: Cyber-criminals Are Turning This Strength into a...
Traditionally, organizations have used certificates signed by Certificate Authorities (CAs) to secure both external and internal communications. Because security breaches and attacks on CAs are on the...
Heartbleed Has Changed the Security Landscape, but Few Organizations Realize It
With the media no longer focusing on the Heartbleed vulnerability, most people think that organizations have adequately addressed the problem, and the threat has passed. Because most people don’t...
Have You Budgeted for the Next Heartbleed?
Last month the Heartbleed vulnerability took the world by storm. IT groups across the globe scrambled to patch systems that were susceptible to the OpenSSL vulnerability known as Heartbleed. Y2K—the...
5 Ways to Prevent Unauthorized Access of Misused Mobile Certificates
Mobile devices and mobile applications are becoming more dangerous threat vectors against the corporate network. Android devices seem to be continually under attack with new reports of malware...
Heartbleed Hype Left Enterprises Uninformed
In early April, the vulnerability known simply as “Heartbleed” became the latest rage. During the first week after discovery, the mainstream media aggressively reported on Heartbleed, stirring up a...
The Evolution of Threats against Keys and Certificates
In my blog post about the Heartbleed hype, I stress that threats against keys and certificates neither started with the Heartbleed vulnerability, nor certainly will end with it. Threats specifically...
Think You’re Done Remediating Heartbleed? Think Again!
OpenSSL has been highly publicized in the last few months—at least for the long standing bugs that have resulted in the complete breakdown of trust in the Internet and the way we do business! Of the...
Around 90% Are Not PCI DSS Compliant—Join Our PCI SIG Efforts for More...
This year, the Payment Card Industry Data Security Standard (PCI DSS) is ten years old. Happy birthday PCI DSS, ten years is a significant milestone. Yet the Verizon 2014 PCI Compliance Report reveals...
This Is Only a Test: Tabletop Simulations Prepare You for the Worst
P.F. Chang customers probably felt like they were taking a step back in time when cashiers ran their credit cards through ancient systems and handed them back carbon copy receipts to sign. But if the...
Taking Key and Certificate Security Analytics to the Next Level
It’s another exciting day at Venafi and another great product release! I am thrilled to announce the release and availability of Venafi Trust Protection Platform version 14.2. This release represents...
Attack on Trust Threat Bulletin: Malicious Certificates Issued in India...
Situation On 8 July 2014 Google reported it had discovered certificates issued without authorization for the multiple Google-owned domains from the National Informatics Centre (NIC) Certificate...
Complying with Data Security Laws and Regulations? Congratulations, You’re...
PART I Is Compliance Really Just Complacence? You’ve built a thriving business, earned a powerful brand in the marketplace, and deliver goods and services around the globe with world-class speed and...
Have You Put a Welcome Mat Out for Attackers? Forrester Research Shows Gaps...
Organizations have become reliant on SSH to provide authentication and establish elevated privileges between administrators, applications, and virtual machines in the data center and out to cloud. SSH...
Understanding Trust and How to Defend It in the Digital Age
Trust is arguably the most important component of any functioning society on the planet. Since nearly all who will read this blog are information security professionals, you likely know that Bruce...