Threat Post

OpenSSL Patches Critical Certificate Validation Vulnerability

A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
Threat Post

Billions of Malicious Bot Attacks Take to Cipher-Stunting to Hide

Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting. When it comes to cyberattacks, adversaries are focusing not just on advanced ...
Infosecurity-magazine.com

Google Swaps Out Crypto Ciphers in OpenSSL

Given recent attacks against older, commonly-used encryption modes RC4 and CBC, the Google team began implementing new algorithms – ChaCha 20 for symmetric encryption and Poly1305 for authentication – ...
CSOonline

4 best practices for managing and tracking SSL and TLS certificates

Do you know what SSL protocols you expose to your users? Are your settings optimized for security? Have you properly deprecated older TLS certs? Here's what you need to know. Most of us take Secured ...