A Week to Remember: When All the Cookies, Keys, and Certificates Crumble
If there’s one thing I’ve learned from being in the field of cybersecurity for nearly two decades, it’s that there is never, ever a dull moment. But in the past week, something different seemed to...
2014: The Year of Encryption (Vulnerability)
Looking back a year ago, when writers published blogs and articles predicting what 2014 would have in store for us, many were calling it the “Year of Encryption.” This was largely due to the...
Attack on Trust Threat Bulletin: Sony Breach Leaks Private Keys, Leaving Door...
The Breach On 24 November news of a major breach at Sony Pictures Entertainment was reported. An organization self-described as the Guardians of Peace (also known by #GOP) claimed responsibility. The...
Sony Breach—The Gift That Keeps on Giving (Sony Certificate Used for Destover...
In the season of giving, the Sony breach has given hackers around the world the gift that keeps on giving—keys and certificates that can be used as part of malicious campaigns for as long as Sony keeps...
Is Your SSL Traffic Hiding Attacks?
Encrypted traffic is growing fast and becoming mainstream. According to Gartner, SSL traffic comprises 15-25% of the total web traffic, making it a significant percentage. The use of SSL varies by...
3 Opportunities to Learn from the Sony Breach
In a threat bulletin published on our blog in December, we explored the details of the major breach at Sony Pictures Entertainment orchestrated by the “Guardians of Peace” (also known as #GOP). The...
Turn Your 2015 New Year’s Compliance and Audit Resolutions into Revelations
Instead of making the general New Year’s Resolution to decrease the risk in your company’s information security, let’s apply what we learned in 2014 about today’s threatscape and develop New Year’s...
2015: Get Ready for More Attacks on Trust
Over the past few years, the threatscape has changed more than some realize. Cyberattackers want trusted status and they are misusing the very technologies that create trust for their nefarious...
Forrester Research Uncovers Gaps in Mobile Certificate Security
The increasing reliance on mobile devices and applications is driving the need for mobile certificates to ensure that devices and applications are secure, authenticated, and encrypted for enterprise...
The Need for Certificate Transparency
An inherent weakness in the Internet’s Public Key Infrastructure (PKI) is the ‘equivalency of trust’ that is placed on trusted Certificate Authorities (CAs). Any CA that is trusted by a browser,...
Infographic: How an Attack by a Cyber-espionage Operator Bypassed Security...
Chinese cyber-espionage operator, APT 18, has proven it can breach enterprises by undermining critical security controls when enterprises fail to protect digital certificates and cryptographic keys. As...
CISO’s Need a Seat at the Table
Cyber breach headlines are on the increase and underscore the need for security awareness at the very highest levels of an organization. In 2014 alone, hundreds of millions of records were stolen and...
Global Certificate Reputation to Protect Your Business and Brand
Imagine for a minute what would happen if you could not trust any transaction on the Internet. Not too long ago you would not have ever considered buying something online—simply because there were no...
Digital Certificate Forensics: What Venafi TrustNet Tells Us about the...
3-month gap before encryption enabled for browsers, smartphones, and tablets starting in 2009 Venafi TrustNet is the world’s first enterprise certificate reputation service. TrustNet can identify...
Infographic: Trust Online is at the Breaking Point
Can cryptographic keys and digital certificates still be trusted? Today, the Ponemon Institute and Venafi released the 2015 Cost of Failed Trust Report, the first update to the 2013 study and the only...
Clinton Email Server Only One Example of Convenience Over Security
Earlier this week, I shared my thoughts on why CISOs need a seat at the table with the Board of Directors. Equally important, CISOs need to be able to set security policies and guidelines that are...
Well-Designed RFP Crucial for Enterprise Key and Certificate Management
So, you’ve decided to select a vendor solution for your enterprise key and certificate management. You’ve made a wise decision—manual tracking methods or limited internal scripts cannot effectively...
4 Common Tactics Used in Recent Healthcare Breaches
Last month, Anthem reported that they had been breached, affecting more than 80 million customers’ personal information. This month, Premera Blue Cross disclosed they too have been breached, resulting...
Still Bleeding One Year Later—Heartbleed 2015 Research
Early last year the BBC dubbed 2014 to be the year of encryption. How right they were—not only for the increased use of encryption, but also for the 2014 threats that leveraged cryptographic keys and...
Introducing the Immune System for the Internet
We humans have evolved a highly effective immune system. It’s always working to establish what is “self” and trusted and what is not and dangerous. We need the same protection for the cyber realm. But...