Worldwide Threat of Ransomware Targets Institutions and Companies In a recent wave of cyber attacks targeting institutions and companies worldwide, the University of California, Los Angeles (UCLA) has confirmed its inclusion among the victims. The attack has been attributed to a notorious ransomware gang known as “CL0P,” as declared by…
What’s the Scenario? Security researchers conducting a Descope analysis have unveiled a critical vulnerability in Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service. This flaw, discovered during their investigation, exposes users to a high-risk scenario of cross-platform spoofing. The implications of this vulnerability have raised significant…
Imagine the dismay of potential visitors when they encounter a daunting message in their browser warning them about the lack of security on your site. Fear not; we are here to illuminate a simple yet powerful solution: a secure sockets layer (SSL) certificate. At Certera, we understand the significance of…
The recently released 2023 “Open Source Security and Risk Analysis” (OSSRA) report has sent shockwaves through the cybersecurity community, exposing a troubling trend in organizations’ approach to patching vulnerabilities. The report’s findings paint a stark reality, highlighting that 48% of codebases surveyed harbored high-risk vulnerabilities. As organizations rely heavily on…
OCSP stapling renders it more accessible and more rapid for a customer than ever to check the status of an SSL/TLS certificate’s revocation. It is an enhancement over the existing industry standard, OCSP. But what exactly is OCSP stapling, and why does it matter for the security of your website?…
You may undoubtedly come across the terms “root certificates” and “intermediate certificates” whenever you get an SSL certificate for your website. After all, it is normal to fail to differentiate the two terms. So, let’s get started without further delay. Since the ZIP archive package that you get in an…
Homomorphism is an algebraic term that gives rise to the word homomorphic. “A homomorphism is a structure-preserving map between two identical algebraic structures, such as two groups, two rings, or two vector spaces.” (Wiki source) Homomorphic encryption is a kind of encryption that enables users to carry out binary operations…
Ciphers are often grouped based on their operation and how their key is applied to encryption and decryption. Block ciphers combine symbols into a fixed-size message (the block), whereas stream ciphers use a continuous stream of symbols. The same key is used for encryption and decryption when utilizing a symmetric…
Background Baseline Requirements (BRs) for granting CodeSigning Certificates have been updated, according to the Certificate Authority/Browser (CA/B) Forum. For both Standard and EV CodeSigning Certificates, a private key must be created and secured in a FIPS 140-2 Level 2 or Common Criteria EAL 4+ compliant device effective on June 1,…
Microsoft admits that malicious DDoS attacks in early June crippled its cloud services- Azure, Outlook, and OneDrive. Early in June, Microsoft’s flagship office suite, which includes the file-sharing applications OneDrive and Outlook email, experienced periodic but significant service interruptions. A mysterious hacktivist group took the brunt of the responsibility, claiming that…
A security vulnerability was discovered in the WooCommerce Stripe payment gateway plugin, making it possible for an attacker to collect personally identifiable information (PII) from stores using the plugin. Security analysts rated the attack a high grade of 7.5 on a rating scale of 1 to 10, and it does…
The foundation of Public Key Infrastructure (PKI), which secures billions of online transactions, is the X.509 digital certificate standard. But what will happen if these certificates or the keys that go with them have an issue? They need to be revoked since it is clear that they can no longer be…
Are you trying to figure out how to improve business operations to the next level? With the proper IT consulting services partner/business consulting services like Certera, you can maximize and optimize your ROI in ways that will impact how your organization works. To accomplish this, it could be essential to…
Browsers verify the validity of a website’s TLS certificate before connecting to it, and they display a warning message if the certificate has been revoked. OCSP, CRLs, OCSP must-staple, and OCSP stapling are revocations status-checking techniques browsers use. This article analyses and compares two techniques, named CRL vs OCSP. The…
The following procedure will demonstrate how to generate a Code Signing Certificate request using a key generated and stored in the YubiHSM 2 using the Key Storage Provider (KSP). You can use the Microsoft “signtool tool” to digitally certify Windows binaries with this code signing certificate. Let’s take a closer…