Clik here to view.
Evolution of Cyber Attacks Infographic
16 years: from viruses, worms, DDoS, advanced persistent threats, to key and certificate-based attacks It used to be that programmers created and launched annoying but mild virus and spam malware to...
View ArticlePCI DSS 3.0 Sneak Peek
The Need for Greater Flexibility and an Evolving Threatscape Put Spotlight on Keys and Certificates The PCI Security Standard Council (SSC) recently previewed PCI DSS 3.0, the next update of the...
View ArticleClik here to view.
Gone in 60 Months or Less
Vendors enforcing a 60-month validity period will help organizations adhere to best practices For years, cybercriminals have been taking advantage of the blind trust organizations and users place in...
View ArticleClik here to view.
Reading the Cyber Attacker’s Playbook from across the Field
Picture this: Tom Brady and the New England Patriots offense are about to run a critical play against the Denver Broncos. A trip to the Championship Game is on the line. New England is on Denver’s...
View ArticleClik here to view.
Patching the Perpetual MD5 Vulnerability
Earlier this month, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate...
View ArticleClik here to view.
SSH – Does Your “Cloud Neighbor” Have an Open Backdoor to Your Cloud App?
Secure Shell (SSH) is the de facto protocol used by millions to authenticate to workloads running in the cloud and transfer data securely. Even more SSH sessions are established automatically between...
View ArticleClik here to view.
Broken Trust – Exposing the Malicious Use of Digital Certificates and...
Digital certificates and cryptographic keys are interwoven into our everyday lives. Think about it: from accessing the Wi-Fi hotspot at your local coffee shop to flying across the county in a new...
View ArticleClik here to view.
Infographic: How Snowden Breached the NSA
How Edward Snowden did it and is your enterprise next? There’s one secret that's still lurking at the NSA: How did Edward Snowden breach the world’s most sophisticated IT security organization? This...
View ArticleClik here to view.
Deciphering How Edward Snowden Breached the NSA
The importance of knowing exactly how Snowden breached security by attacking trust and an open invitation to correct us To date little real information exists publicly to explain how Edward Snowden...
View ArticleClik here to view.
The Demise of 1024-bit Certificates
Nearly everyone understands the need to use data encryption to protect data both in transit and at rest, but I have found that there is some confusion about the strength of the key that is used to...
View ArticleClik here to view.
Controlling the Wild West of Mobile
Mobile. It’s the new normal. Never in the history of the world has a technology changed the way we work, live, and play in such a short period of time. Think back 20 years. In 1993, we faxed important...
View ArticleClik here to view.
2020 Hindsight Starts Today
I’m pretty sure that all who read this blog will agree: traditional prevention-centric security models are becoming less and less effective each day, while conversely, people- and information-centric...
View ArticleClik here to view.
Are MDM solutions sufficient to secure your mobile environments?
Mobile Device Management (MDM) solutions have served as the point of the spear in the mobile arms race. The question is, “Are they sufficient to ensure the security of your mobile environment?” MDM...
View ArticleClik here to view.
What Is a Trusted Threat?
Last month I co-presented a webinar with ISIGHT Partners, a leader in cyber-threat intelligence, to discuss a white paper that exposes how keys and certificates can be used for nefarious intentions....
View ArticleMobile Certificate Vulnerabilities and Why IT Security is Losing Control
Enterprises are turning to certificates to secure mobile devices, applications, and users, rather than relying on less secure authentication methods such as usernames and passwords. Digital...
View ArticleMobile Certificate Vulnerabilities and Why IT Security is Losing Control
Enterprises are turning to certificates to secure mobile devices, applications, and users, rather than relying on less secure authentication methods such as usernames and passwords. Digital...
View ArticleAnomaly Detection, Knowing Normal Is the Key to Business Trust and Success
Threats and attacks are steadily increasing, and business executives face new challenges with trust exploits. While organizations adopt cloud computing and allow employee-owned devices onto the...
View ArticleClik here to view.
Patching the Perpetual MD5 Vulnerability
Last year, Microsoft updated the security advisory that deprecates the use of MD5 hash algorithms for certificates issued by certification authorities (CA) in the Microsoft root certificate program....
View ArticleClik here to view.
Fake SSL Certificates Uncovered: The Tip of the Iceberg and Weaponized Trust
Cybercriminals are moving faster than we think to weaponize the core element of trust on the Internet: digital certificates. The many fake certificates identified by Netcraft are just the tip of the...
View ArticleClik here to view.
Infographic: New Ponemon SSH Security Vulnerability Report
Global organizations are under attack, and the attackers are more dangerous and persistent than ever. While the motivations vary, the goal of today’s cybercriminal is to become and remain trusted on...
View Article