-
Listen Now
EPISODE 431
Broadcast Date:
October 11, 202428 minutes
Podcast Oct 11, 2024Root Causes 431: New Mozilla Proposal to Combat Delayed Revocation
Deliberate delay of mandatory revocations has plagued the WebPKI in 2024. A new proposed policy from Mozilla stands to eliminate most of this behavior.
-
Learn More
The CISO’s guide to establishing quantum resilience
News Article from Sectigo
News Article Oct 10, 2024Security leaders must help their orgs prepare immediately for a post-quantum environment. Here are the steps and strategies CISOs, security teams, and C-suite colleagues must take and shape — starting with facilitating a board-down cultural shift.
-
Learn More
How 90-Day certificates, PQC & crypto agility strengthen cybersecurity
Blog Post from Sectigo
Blog Post Oct 09, 202490-day certificates, PQC, and crypto agility are vital, interconnected strategies for proactive cybersecurity and preparing for future quantum threats.
-
Listen Now
EPISODE 430
Broadcast Date:
October 9, 202414 minutes
Podcast Oct 09, 2024Root Causes 430: How Does a TLS Handshake Work?
In this episode we give a high level explanation of what happens in a TLS 1.3 handshake and then discuss what will happen when PQC is included.
-
Listen Now
EPISODE 429
Broadcast Date:
October 8, 20247 minutes
Podcast Oct 08, 2024Root Causes 429: ServiceNow Outage Due to Expired Root Certificate
A ServiceNow private CA root expired, creating outages across hundreds of enterprises. We explain what appears to have gone on.
-
Learn More
Insider Threat Damage Balloons as Visibility Gaps Widen
News Article from Sectigo
News Article Oct 04, 2024A growing number of organizations are taking longer to get back on their feet after an attack, and they're paying high price tags to do so — up to $2M or more.
-
Learn More
Ivanti Flaw Exploited, Posing 'Significant Threat'
News Article from Sectigo
News Article Oct 04, 2024An Ivanti flaw in its Endpoint Manager (EPM) has been exploited despite being identified and patched in May.
-
Learn More
Cybersecurity basics: passwords, MFA, phishing & software updates
Blog Post from Sectigo
Blog Post Oct 04, 2024Despite years of awareness, basic cybersecurity practices like strong passwords, MFA, and phishing alerts are still essential in our fast-paced world.
-
Listen Now
EPISODE 428
Broadcast Date:
October 4, 202417 minutes
Podcast Oct 04, 2024Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question
White hat researchers managed to take over WHOIS for the .mobi TLD, foretelling the death of WHOIS as an email source for Domain Control Validation (DCV).
-
Listen Now
EPISODE 428
Broadcast Date:
October 4, 202417 minutes
Podcast Oct 04, 2024Root Causes 428: .MOBI Attack Puts WHOIS-based DCV into Question
White hat researchers control .mobi WHOIS, signaling the decline of WHOIS as a reliable source for Domain Control Validation (DCV) emails.
-
Learn More
NIST's Security Flaw Database Still Backlogged with 17K+ Unprocessed Bugs. Not Great
News Article from Sectigo
News Article Oct 02, 2024NIST has made some progress clearing its backlog of security vulnerability reports to process – though it's not quite on target as hoped. The US government standards body just blew its self-imposed September 30 deadline to bring the speed at which its National Vulnerability Database (NVD) processes new flaws up to its pre-February rate, following a decline in output this year.
-
Listen Now
EPISODE 427
Broadcast Date:
October 2, 202416 minutes
Podcast Oct 02, 2024Root Causes 427: Mapping CLM to NIST CSF 2.0
In this episode we map the contributions of Certificate Lifecycle Management into the new NIST Cybersecurity Framework 2.0.