You’re Already Compromised: Exposing SSH as an Attack Vector
Before the Snowden breach, the average person rarely thought about encryption. Last year, however, encryption was at the forefront of everyone’s mind. People wanted to know what Edward Snowden...
The Mask, Attacks on Trust, and Game Over
Breached Enterprises Will Be Owned by The Mask operation for Years to Come. For over a year, Venafi has been charting the course of attacks on the trust established by keys and certificates. The...
The Evolution of Mobile Malware: Digitally Signed Malware Creates an Illusion...
Because cyber-criminals always seem to find new ways to circumvent traditional security measures, the threat landscape is constantly changing. A McAfee Labs Threat Report in Q3 2013 revealed an...
RSA Conference 2014: Recap and Attendee Vulnerability Survey
I’ve been attending RSA for many years now, and each year it seems to get bigger and better. This year a record-breaking 28,500 attendees were in San Francisco to learn how to stop cyber-criminals in their...
Preventing Your Webservers from Becoming Phishing Sites
Despite many cyber-security advances over the last 20 years, well-known cyber-criminal exploits like phishing still pose pervasive threats. Phishing scams remain effective because they prey on human...
March Madness & The Surge of Attacks on Trust
I’m certainly not what you would call an avid NCAA college basketball fan. But each March, the brilliant folks at CBS suck me in with this wonderfully hypnotic theme song for the NCAA Men’s Basketball...
I Hunt Sys Admins’ SSH
SSH keys again confirmed as a favorite target for advanced attackers - how will IT security fight back? Newly leaked NSA documents from Edward Snowden, entitled “I Hunt Sys Admins” show that...
Windigo: Another Multi-Year APT Targets SSH Credentials
Last month, ESET, a leading IT security company, published a detailed analysis of operation Windigo. This operation, active since 2011, has compromised over 25,000 Linux and Unix webservers....
Why Should You Update Your Trusted CAs and Enforce Certificate Whitelists?
Your organization’s policies—or lack of policies—regarding trusted root CA certificates are exposing you to unnecessary risk. Because certificates serve as credentials for so many mission-critical...
FTC recognizes value of trust established by SSL and digital certificates
Attacks on digital certificates and trusted connections drive FTC to action. Recognizing that the trust established by Secure Sockets Layer (SSL) and digital certificates plays an important role in...
Mad Max Here We Come: Heartbleed shows how much we blindly trust keys and...
The race is on to respond and remediate by replacing keys and certificates in use with millions of applications because patching won't help. The world runs on the trust established by digital...
Heartbleed Remediation: Replace ALL Keys and Certificates
Response is not complete until trust is re-established. By now most organizations have responded to the Heartbleed vulnerability by patching vulnerable systems. Good. The next step must be to replace...
The World is Failing to Remediate the Heartbleed Vulnerability
Time is running out to change keys and certificates or else… The world appears to be failing to respond to the Heartbleed vulnerability. In fact well under 16% of vulnerable keys and certificates have...
Remediating Heartbleed with Next-Generation Trust Protection
Heartbleed Impact: The Heartbleed vulnerability unequivocally demonstrates the impact a single vulnerability has on all organizations when keys and certificates are exposed. Cyber-criminals have...
Don’t Be Blinded by the Next Heartbleed
Organizations—from service providers, banks, and retailers to government agencies—were recently blindsided by the Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library,...
Responding to New SSL Cybersecurity Threats — Gartner Featured Research
When it comes to defending against advanced threats that take advantage of keys and certificates, most organizations have a gaping hole in their security strategy. Cyber criminals on the other hand...
Self-Signed Certificates: Cyber-criminals Are Turning This Strength into a...
Traditionally, organizations have used certificates signed by Certificate Authorities (CAs) to secure both external and internal communications. Because security breaches and attacks on CAs are on the...
Heartbleed Has Changed the Security Landscape, but Few Organizations Realize It
With the media no longer focusing on the Heartbleed vulnerability, most people think that organizations have adequately addressed the problem, and the threat has passed. Because most people don’t...
Have You Budgeted for the Next Heartbleed?
Last month the Heartbleed vulnerability took the world by storm. IT groups across the globe scrambled to patch systems that were susceptible to the OpenSSL vulnerability known as Heartbleed. Y2K—the...
5 Ways to Prevent Unauthorized Access of Misused Mobile Certificates
Mobile devices and mobile applications are becoming more dangerous threat vectors against the corporate network. Android devices seem to be continually under attack with new reports of malware...