Security Breach Alert: The Resurfacing of Long-Forgotten Microsoft Office Flaws Triggers an Avalanche of Targeted Onslaught of Attacks on Users and Corporations, Prompts Urgent Response Measures. Kaspersky’s security experts have raised a red flag as they witnessed an unprecedented 500% surge in the exploitation of a critical vulnerability known as…
In a concerning development, security researchers have discovered that hackers are leveraging open source tools to misuse a Windows policy loophole. It poses a significant threat to system security since the dangerous actors can load malicious and unverified drivers, even with expired certificates, specifically targeting Chinese-speaking Windows users. Such malicious…
Regular website owners recently recognized the significance of an SSL/TLS certificate because of years of push from the browser and security community. Consequently, most website owners get an SSL certificate when their website is developed. However, many need to become more familiar with this topic and could become frustrated by…
In recent times, SSL/TLS certificate management is rapidly changing, with Google’s recent announcement to reduce certificate validity terms to just 90 days. This shift has profound implications for organizations and the industry, necessitating a shift from manual to automated SSL certificate lifecycle management (CLM). This article will explore the crucial…
Shortening of SSL/TLS certificate lifespans has been a persistent trend over the past decade. Google has announced its plans to reduce SSL/TLS certificate validity terms to 90 days. As an organization grappling with this significant shift, you may ponder the potential impact on your business. Or you can consider the…
Worldwide Threat of Ransomware Targets Institutions and Companies In a recent wave of cyber attacks targeting institutions and companies worldwide, the University of California, Los Angeles (UCLA) has confirmed its inclusion among the victims. The attack has been attributed to a notorious ransomware gang known as “CL0P,” as declared by…
Security researchers conducting a Descope analysis have unveiled a critical vulnerability in Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service. This flaw, discovered during their investigation, exposes users to a high-risk scenario of cross-platform spoofing. The implications of this vulnerability have raised significant concerns regarding the…
Imagine the dismay of potential visitors when they encounter a daunting message in their browser warning them about the lack of security on your site. Fear not; we are here to illuminate a simple yet powerful solution: a secure sockets layer (SSL) certificate. At Certera, we understand the significance of…
The recently released 2023 “Open Source Security and Risk Analysis” (OSSRA) report has sent shockwaves through the cybersecurity community, exposing a troubling trend in organizations’ approach to patching vulnerabilities. The report’s findings paint a stark reality, highlighting that 48% of codebases surveyed harbored high-risk vulnerabilities. As organizations rely heavily on…
OCSP stapling renders it more accessible and more rapid for a customer than ever to check the status of an SSL/TLS certificate’s revocation. It is an enhancement over the existing industry standard, OCSP. But what exactly is OCSP stapling, and why does it matter for the security of your website?…
You may undoubtedly come across the terms “root certificates” and “intermediate certificates” whenever you get an SSL certificate for your website. After all, it is normal to fail to differentiate the two terms. So, let’s get started without further delay. Since the ZIP archive package that you get in an…
Homomorphism is an algebraic term that gives rise to the word homomorphic. “A homomorphism is a structure-preserving map between two identical algebraic structures, such as two groups, two rings, or two vector spaces.” (Wiki source) Homomorphic encryption is a kind of encryption that enables users to carry out binary operations…
Ciphers are often grouped based on their operation and how their key is applied to encryption and decryption. Block ciphers combine symbols into a fixed-size message (the block), whereas stream ciphers use a continuous stream of symbols. The same key is used for encryption and decryption when utilizing a symmetric…
Background Baseline Requirements (BRs) for granting CodeSigning Certificates have been updated, according to the Certificate Authority/Browser (CA/B) Forum. For both Standard and EV CodeSigning Certificates, a private key must be created and secured in a FIPS 140-2 Level 2 or Common Criteria EAL 4+ compliant device effective on June 1,…
Microsoft admits that malicious DDoS attacks in early June crippled its cloud services- Azure, Outlook, and OneDrive. Early in June, Microsoft’s flagship office suite, which includes the file-sharing applications OneDrive and Outlook email, experienced periodic but significant service interruptions. A mysterious hacktivist group took the brunt of the responsibility, claiming that…
Loading...
