-
Blog Post Jan 16, 2019
Government Website Certificates Expire, Leaving Americans at Risk
It’s been almost a month since the US Government shut down on December 22, 2018, and while some effects of this record-breaking shutdown are obvious, others are flying under the radar — including the increased vulnerability to cybercrime faced by millions of Americans.
-
Podcast Jan 08, 2019
Root Causes 02: O2 Outage and Equifax Breach
In December, users of O2 and Softbank experienced a data outage affecting 40 million. In 2017, 148 million lost their personal data in the Equifax breach.
-
Podcast Jan 04, 2019
Root Causes 01: Introduction
Intro to the leading PKI and security podcast. Learn your hosts' qualifications and the reasons for creating this podcast.
-
Blog Post Dec 19, 2018
How to Make Sure the Travel Sites You Visit Are Safe
It's that time of year when the winter blues have consumers heading online to explore and book their next vacation. To help travelers understand what to look for when booking travel online, Sectigo rated the safety of popular travel websites across categories, providing helpful tips to avoid fraudulent sites and phishing scams, and to protect their personal data.
-
Blog Post Dec 12, 2018
Equifax Data Breach Due to Unknown Certificate Expiration
Congress’s recent report on the 2017 Equifax data breach reveals that an expired certificate disabled a monitoring system, allowing the attack to harvest data unchecked for more than two months.
-
Blog Post Dec 07, 2018
Global Mobile Outage Shows the Danger in Poor Certificate Management
Yesterday, the world experienced major outages in its mobile networks, including loss of service for 32 million Britons on O2 and other carriers, as well as millions more in Japan and other parts of the globe. The rumor is that many private IoT networks were affected by this same outage, most of which we’ll probably never hear about.
-
Blog Post Nov 30, 2018
Recent research from PhishLabs shows that more than 50% of phishing sites now use SSL certificates. This fact isn’t really surprising considering that phishing sites depend fundamentally on being confused for the genuine sites they mimic. The closer the phishing site is to the actual site, the more effective it is in its mission. Adding an SSL certificate puts a lock icon and https to the web address; which in their absence, are important tip-offs that the site isn’t on the up and up.
-
Blog Post Sep 19, 2018
Upgrading Our Processes
Blogger Troy Hunt recently published a long missive in criticism of Extended Validation SSL, which includes a number of criticisms aimed at the Comodo brand in particular. Since the CA spun out of the larger Comodo Group, Inc. late last year we have been aggressively investigating all aspects of the business to identify where changes are required and to plan and implement them.
-
Blog Post Sep 11, 2018
Phishing Incident Statements
On September 11, 2018, a cybersecurity firm reported that it uncovered malicious code injected into the British Airways website, indicating that the hackers in the recent British Airways supply chain phishing attack made use of an increasingly common tactic of using large websites to embed pieces of code from third-party suppliers.