Federal BOD 19-02: Certificate outages are now federally-recognized threats!

Sprinting towards compliance : What’s the BOD all about? Earlier this quarter, the Department of Homeland Security rolled out Binding Operational Directive 19-02 (or BOD 19-02, for convenience). This directive, applicable to all federal agencies, is part of a prolonged effort by the DHS (and the assisting cyber-security arm, CISA) to enforce digital security and […]

LinkedIn Certificate Expiry Fiasco : Third Time’s a Charm?

Earlier this week, several LinkedIn users reported the apparent inaccessibility of the website via certain browsers, owing to an insecure connection. The root cause of this mishap was later revealed to be an expired certificate–more specifically, a TLS certificate on their URL shortener (lnkd.in) which wasn’t renewed on time. Here’s what a LinkedIn spokesperson had […]

SHA-1 Deprecation, Symantec Deprecation… What Next?

When you purchase something from Amazon, BestBuy or any other online retailer, how do you know to trust the website with your payment information? It is because you trust your browser, which placed its trust in the web domain’s Certificate Authority, to notify you of any misrepresentation of the domain you are browsing. Unlike humans, […]

Here’s What’s New in AppViewX 12.2!

Networks must be agile to compete in today’s digital marketplace. Whether it be spinning VM’s or binding SSL/TLS certificates to applications, everything must keep pace with the changing dynamics of modern business ecosystems. How do you plan on keeping up with these changing demands? Invest in the recruitment of new resources? Or invest in training […]

Symantec and Google Lock Horns over Certificate Trust

In an increasingly digital world, SSL/TLS certificates become the identity of a particular enterprise. Who trusts this digital identity? Almost every entity that is connected to the internet, including browsers and their underlying operating systems. Basically, SSL/TLS certificates are like our passports; they are widely accepted as proof of identity. Now, what if someone forges […]

Bothan Spy Steals SSH Keys to Attack an Enterprise’s Death Star

In a series of recent revelations made by WikiLeaks, the site has exposed a new set of tools commonly used by United States’ top foreign intelligence service, the CIA, to attack Windows and Linux computers. The BothanSpy and Gyrfalcon projects, named after famous Star Wars characters, are used to intercept and steal SSH credentials from […]

Hackers Striking at the Heart of Machine Identities – Digital Certificates

After WannaCry ransomware shook the security world, a new kind of Trojan called CertLock started compromising security worldwide to threaten Machine Identities. This Trojan blocks reputed security programs from installing on infected Windows machines. To achieve this, the Trojan blocks the security vendor’s digital certificate, making it easy for hackers.When users attempt to run the […]

A Multi-billion Dollar Defense Firm Fails to Protect Private SSH Keys

Chris Vickery, a cyber risk analyst from UpGuard, successfully retrieved a cache of 60,000 documents related to a United States military project for the National Geospatial-Intelligence Agency (NGA). The sensitive files (close to 28 GB) linked to the U.S. intelligence agency were left unsecured (without a password) on a public Amazon server for anyone to […]

Introducing SSH Key Management and More in AppViewX v11.3

Enterprises are finding it very challenging to keep pace with today’s changing technology. With our new v11.3 release, AppViewX helps accelerate application delivery by moving faster, eliminating errors, and reducing costs. AppViewX v11.3 introduces SSH key management, securing remote access to data centers and enabling enterprises to effectively mitigate risk and ensure compliance. Every enterprise […]

6 Steps to Migrating Your Certificates from SHA1 to SHA2

Businesses need to migrate to SHA2 signed certificates now! The SHA1 hashing algorithm, which is known to be weak due to advancements in cryptographic attacks, is being deprecated and must be replaced with SHA2. SHA1 has been vulnerable for years SHA1, a cryptographic hash function is no longer considered secure, and SHA1 signed certificates can […]

6 Reasons Why You Need an SSL Management Platform

Security is an unavoidable attribute that should never be compromised on. If not rightly addressed, it could bring chaos in the organization and tamper with set business standards. In any enterprise, the addition of devices result in the increase of man power, giving rise to a directly proportional delta on deployment of certificates for every […]

Has an Expired Cert Caused an Application Outage? Fix It Right Away.

Currently, 90 percent of certificate teams monitor the expiration of their SSL/TLS certificates using an Excel spreadsheet. So, if an organization had about 1500 SSL/TLS certificates, the certificate team would have to go through 1500 entries on a daily basis, which is a very tedious task. And then, what if a single certificate is missed […]

Are Your Digital Certificates Secure? Are They Compliant?

X.509 certificates and keys are an area of focus in this age when cyberattacks are on the rise. Private keys are casually stored in devices handling SSL/TLS termination, and in most cases, in plain text without basic encryption. It is surprising that most enterprises still use manual methods for certificate renewal and SSL certificate generation, […]