- January 07, 2020
Threat actors appear to be exploiting vulnerable Pulse Secure VPN servers to hit enterprises with ransomware attacks, even though a patch has been available since April 2019.
- October 08, 2019
Nation-state hackers are exploiting previously disclosed vulnerabilities in VPNs from Pulse Secure, Palo Alto Networks and Fortinet, according to a security advisory from the NSA.
- February 12, 2019
Two senators called on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries.
- January 30, 2018
Experts urge users to patch a new Cisco ASA vulnerability that earned the most critical CVSS score of 10.0 and could lead to remote code execution and denial-of-service attacks.
- February 27, 2017
After Google rolled out the latest version of Chrome, Blue Coat proxy software issues prompt rollback of TLS 1.3 support in latest version of Chrome browser.
- October 13, 2016
Academic researchers show how to place undetectable encryption backdoors in cryptographic keys and passively decrypt data, which could undermine confidence in certain algorithms.
- September 30, 2016
The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.
- August 16, 2016
Fidelis Cybersecurity reports notorious Vawtrak banking Trojan gets upgrades to increase security and evade detection, including SSL pinning and domain generation algorithm.
- December 22, 2015
The Payment Card Industry Security Standards Council unexpectedly pushed back the deadline for enterprises to migrate off of early versions of TLS.
- December 03, 2015
Amazon's s2n passed its first test by patching a flaw quickly, but experts said enterprises still need to be wary of the complexities surrounding TLS implementation.
- May 20, 2015
A newly discovered TLS vulnerability that affects thousands of websites, servers and browser users could allow attackers to bypass encryption.
- April 29, 2015
As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.
- April 28, 2015
Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.
- April 10, 2015
News roundup: Technology and security acquisitions have seen some healthy activity in 2015, driven by two key trends. Plus: 75% of users aren't vulnerable to Heartbleed?; White House hack tied to phishing; first state digital ID law.
- March 31, 2015
Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities.
- March 30, 2015
The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.
- March 13, 2015
News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.
- January 09, 2015
Experts say the security industry's 'blind trust' may result in a new wave of security threats caused by fake SSL certificates, including man-in-the-middle and DNS attacks.
- November 17, 2014
Microsoft admitted that MS14-066, released last week to patch a serious Schannel security vulnerability, is causing some users to drop TLS connections.
- November 07, 2014
News roundup: Open Wi-Fi allegedly aided a fugitive in evading authorities, highlighting Wi-Fi hotspot risks as ISPs including Comcast turn residential gateways into hotspots. Plus: Google's nogotofail tool; messaging apps fail EFF security review; ...
- October 31, 2014
The outdated encryption protocol was spotlighted earlier this month when Google researchers released details on the POODLE attack, which preyed on systems that support the SSL 3.0 fallback mechanism.
- September 08, 2014
Data from McAfee shows many organizations have yet to fully patch the Heartbleed vulnerability, and as many as 300,000 websites remain at risk.
- August 22, 2014
The difficulty of detecting Heartbleed exploits means that the Community Health breach is unlikely to be the last incident linked to the OpenSSL flaw.
- August 20, 2014
An infosec consultancy has claimed that a Heartbleed exploit was used by attackers to gain access as part of the Community Health data breach.
- July 30, 2014
A vendor's Heartbleed scan shows that a majority of Global 2000 organizations may still be vulnerable despite patching the OpenSSL flaw.
- July 11, 2014
Former CSO Paul Howell details the school's Heartbleed response and how he overcame challenges with assessment, patching and communication.
- July 02, 2014
Heartbleed exposed a number of long-standing issues at OpenSSL, but the open source encryption project has laid out plans to improve the organization.
- June 03, 2014
According to one researcher, most enterprise wireless networks are likely vulnerable to Cupid, a proof-of-concept based on the Heartbleed attack.
- May 16, 2014
Uneven response efforts have left hundreds of thousands of servers and other devices vulnerable to the Heartbleed OpenSSL vulnerability.
- April 24, 2014
A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues.
- April 18, 2014
In the wake of the Heartbleed OpenSSL vulnerability, the massive deluge of revoked certificates could cause palpitations across the Internet.
- April 16, 2014
Though millions of Android devices could contain the Heartbleed OpenSSL vulnerability, experts say the risk to Android users may not be that great.
- April 15, 2014
Proving the Heartbleed OpenSSL vulnerability can be exploited in the wild, two organizations say attackers have used it to glean sensitive data.
- April 10, 2014
Analysis: The 'Heartbleed' OpenSSL vulnerability is one of the worst bugs a SANS expert has seen, and that's before the fallout is fully understood.
- April 08, 2014
Researchers who discovered the 'Heartbleed' OpenSSL security vulnerability say it could have exposed encrypted Internet traffic from millions of systems.
- February 29, 2012
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative.
- March 23, 2011
A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.
- August 11, 2010
Federal IT managers will likely see greater demands to facilitate and improve telework infrastructures at their agencies.
- July 26, 2010
New research from NCP Engineering points out that companies are complacent about VPN security configurations, and poorly managed VPNs are often at the heart of large data breaches.
- December 01, 2009
VPN software from Cisco Systems, Juniper and others make users susceptible to Web-based attacks, according to an advisory from the U.S. Computer Emergency Readiness Team.
- February 18, 2009
Moxie Marlinspike explains how his hacking technique fools Web users into thinking they are on an SSL-protected site, leaving them feeling quite safe, but pwned all the same.
- May 22, 2007
Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point.
- May 09, 2007
Some companies are investing in secure FTP suites to give employees and business partners the ability to transfer large files such as large documents, audio, video and photos.
- May 09, 2005
Attackers could use this "very significant" flaw to read plaintext communications.
- February 12, 2004
Microsoft ASN flaw may be biggest defect ever found
- July 29, 2003
F5 Networks announced the acquisition of remote access SSL-VPN provider uRoam, leading off this edition of Quick Takes.
- November 19, 2002
Sun Microsystems and Check Point announced this week a new Sun VPN/firewall Linux-based appliance secured by Check Point's SecurePlatform, leading off this edition of Quick Takes.
- October 24, 2002
SearchSecurity recently invited networking expert Lisa Phifer to speak about troubleshooting IPSec VPNs. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. Phifer is ...
- July 30, 2002
Quick Takes: Checking in with a 'clientless' VPN
- March 29, 2002
SearchSecurity recently invited networking expert Lisa Phifer to speak about understanding IPSec VPN crypto. We ran out of time during the Webcast for her to answer several questions from the audience, but, she answers those questions here. If you ...
- September 24, 2001
Quick Takes: RapidStream 500 secures remote, high-speed connections
- July 11, 2001
Check Point invests future in Next Generation