-
Learn More
Cell Phone Privacy: Protect Your Mobile Data
Blog Post from Sectigo
Blog Post Jan 12, 2022It’s important to understand how to protect your cell phone privacy. Learn how to navigate your mobile privacy settings on Android and iOS.
-
Learn More
What Does “Crypto” Really Mean?
Blog Post from Sectigo
Blog Post Jan 11, 2022What does “crypto” mean? It seems a straightforward question, but the answer is quite complicated. Ten years ago, the answer would be unanimous: it means cryptography, how information is encrypted. However, the rise of blockchain-based currencies—like Bitcoin and Ethereum—brought a shift in how the public thinks about the term.
-
Learn More
Four Positive Security Trends for 2022
Blog Post from Sectigo
Blog Post Jan 10, 2022In a recent post, we discussed the known logical errors that the security community continues to make. Now, let's discuss the emerging technologies that can remedy those fallacies. The fallacies we outlined are rooted in the limits of the technologies that facilitate them. The way to remedy them is to remove those limits, and the trends outlined below illustrate how the industry is moving in that direction.
-
Learn More
How to Mitigate Risk with a Private CA
Blog Post from Sectigo
Blog Post Jan 07, 2022To the great delight of cybercriminals, many organizations continue to rely upon outdated, weak security protocols such as passwords. However, an increasing number of organizations have progressed to the strongest, most secure, easiest-to-manage identity authentication solution available: digital certificates.
-
Learn More
Embracing Interoperability and Openness in Cybersecurity and Digital Identity for a Safer Digital World
Blog Post from Sectigo
Blog Post Jan 06, 2022The digital landscape is completely foreign to how we perceived it only a few short years ago.
-
Learn More
How Phishers Take Your One-Time Passwords
Blog Post from Sectigo
Blog Post Dec 20, 2021One-time passwords (OTPs) are a ubiquitous form of two-factor authentication (2FA) these days. But are they secure?
-
Learn More
Don't Fall into These Common Cybersecurity Traps
Blog Post from Sectigo
Blog Post Dec 16, 2021Discover some of the common fallacies that even the most seasoned IT professionals still buy into.
-
Learn More
What Is Robotic Process Automation (RPA)?
Blog Post from Sectigo
Blog Post Dec 16, 2021Robotic automation is here—and the reality is much more positive than works of fiction have envisioned. Learn more about the emerging technology of RPA.
-
Learn More
Sectigo Update on Log4j Java Logging Exploit
Blog Post from Sectigo
Blog Post Dec 14, 2021Over the past week, there has been a lot of news surrounding a newly discovered Remote Code Execution (RCE) exploit within the Java logging library (Log4j) under CVE-2021-44228. This exploit potentially affects over a third of web servers worldwide, since this Java logging library is so prevalent on Apache web servers and widely used in the development of Java applications.
There Are Currently No Threats to Sectigo Solutions
The Sectigo infrastructure and development teams have been assessing the situation and have confirmed that there are no threats to any existing Sectigo solutions. Sectigo has confirmed this by scanning all source code repositories for the java logging library and performing vulnerability scans of our retail sites and web applications. Sectigo will continue to monitor the situation and post updates if appropriate.
As for patching the vulnerability, Apache quickly released a security update. You can learn more about the latest release and how to update Log4j here.
Update Critical Business Apps and Services
Sectigo also recommends that everyone pay close attention in the coming weeks. While the latest Log4j update has fixed the exploit, many applications and services are still using the older version of the Log4j framework. This means that the vulnerability is still actively being exploited.
Although there is no evidence that the exploit was being used before a few weeks ago, there has been an uptick in bad actors scanning critical infrastructure around the world possibly to aggregate data on organizations that are still vulnerable. There also have been cases where attackers have been using this exploit to embed botnets, cryptominers, and other malicious code for nefarious reasons in the future which we widely expect to include ransomware.
With all critical vulnerabilities such as this, we ask that everyone stay vigilant and ensure all critical business apps and services are up to date.
-
Learn More
5 common types of website attacks
Blog Post from Sectigo
Blog Post Dec 08, 2021Every day, hackers around the world are scanning the Web for vulnerable websites to target - and yours could be next.
-
Learn More
What Shortened Lifecycles Mean for Enterprises
Blog Post from Sectigo
Blog Post Nov 30, 2021Certificate terms have continued to decrease, making S/MIME certificates used to secure and sign emails one of the last holdouts. Until recently, that is.
-
Learn More
Announcing the Latest Innovation in Certificate Lifecycle Management
Blog Post from Sectigo
Blog Post Nov 17, 2021Today marks a significant milestone in Sectigo’s history as we introduce new innovations to our flagship product, Sectigo Certificate Manager, to make it a universal platform capable of managing digital certificates issued by Sectigo and other leading public and private Certificate Authorities (CAs).