This week Microsoft disclosed the existence of a critical vulnerability in how Windows operating systems validate ECC-based X.509 certificates and released patches for affected versions that are supported. We highly recommend immediate application of the appropriate patch to all Windows servers and client systems to prevent exploits based on this newly discovered flaw. Read here to learn more.
Some Sectigo Code Signing certificate subscribers have opined recently that our Code Signing authentication now includes additional steps and requirements it did not have in previous years. This observation is accurate. Sectigo has recently expanded its process and requirements for obtaining Code Signing certificates.
The Root Causes podcast explores the important issues behind today’s world of PKI, online trust, and digital certificates. Early in 2019 the Kremlin announced plans to temporarily disconnect all Russian traffic from the internet as a proof of concept for a potential future cyber war. At the time our hosts Jason Soroko (CTO of PKI, Sectigo) and Tim Callan (Senior Fellow, Sectigo) discussed what a Russian disconnection from the internet might mean and the pitfalls associated with it. With recent announcements from the Russian government that this trial run is complete, now is a good time to revisit that discussion.
As 2019 draws to a close, it’s time to turn our attention to 2020. Our leadership team has been working to identify the trends and developments that will shape cybersecurity in the coming year. Here are several predictions about quantum computing, automation, IoT security, legislation, and more.
Sectigo recently announced that we will make a change to our issuance practices to remove “static” brand and hosting information from the OU fields of our Domain Validation (DV) certificates.
A recent study by Deloitte found that financial firms spent an average of 10% of their IT budget on cybersecurity and that CISOs rank keeping up with rapid IT changes and rising complexities in tech systems as top challenges, regardless of company size or maturity level. PKI offers an excellent security foundation for every device, server, user, and application in the enterprise, whether on-premises or in the cloud.
As millions of people visit online retailers to spend their hard-earned money this holiday, cybercriminals will be working to trick consumers into mistakenly sending that money their way, instead. A number of browsers are pioneering new ways for users to recognize that the site they are visiting might not be what it appears. Non-HTTPS pages, or pages without an EV SSL certificate validating them as trustworthy, will be flagged as potentially dangerous sites.
[This guest post originally ran on Let’s Encrypt’s blog on Nov 20, 2019.] Let’s Encrypt launched a Certificate Transparency (CT) log this past spring. We’re excited to share how we built it in hopes that others can learn from what we did. . . Sectigo and Amazon Web Services generously provided support to cover a significant portion of the cost of running our CT log.
Australia has joined the ever-swelling ranks of government and industry organizations developing guidelines or enacting regulations regarding IoT device security. On Nov. 11, 2019, the country published its “Draft Code of Practice: Securing the Internet of Things for Consumers,” which outlines 13 security practices intended to apply to all IoT devices available in Australia.
The Root Causes podcast explores the important issues behind today’s world of PKI, online trust, and digital certificates. Research from two esteemed universities shows that sites with EV SSL certificates are much less likely to be engaged in criminal behavior like malware and phishing. And yet, leading browsers are reducing or removing EV information from the interface. In this episode, our hosts Jason Soroko (CTO of PKI, Sectigo) and Tim Callan (Senior Fellow, Sectigo) explain the research results, this paradoxical browser behavior, and its likely effect on consumer security.
The Root Causes podcast explores the important issues behind today’s world of PKI, online trust, and digital certificates. In this episode hosts Jason Soroko (CTO of IoT, Sectigo) and Tim Callan (Senior Fellow, Sectigo) describe Germany’s pending safe browsing guidelines and what they may mean for businesses in Europe and beyond.
(Lightly edited for flow and brevity, this podcast originally appeared July 18, 2019.)
In a social engineering attack, a bad actor uses human interaction (social skills) to acquire information about a company and/or its computer systems. Attackers often seem unassuming and respectable, often claiming to be a new employee, a service technician, or a member of the service-providing company and may even offer credentials to support that identity.