ZDNet

Let's Encrypt disables TLS-SNI-01 validation

Let's Encrypt has disabled TLS-SNI-01 validation after the discovery of an attack able to hijack certificates using the protocol. The certificate authority, which offers free SSL and TLS certificates ...
SourceSecurity

Unveiling TLS exploit: Keysight leads security innovation

Keysight’s Application and Threat Intelligence (ATI) research team has uncovered a novel Transport Layer Security (TLS) handshake exploit that uses protocol-compliant behaviour to evade traditional ...
Network World

Father of SSL says despite attacks, the security linchpin has lots of life left

SSL/TLS, the protocol that protects security of e-commerce, has taken a beating lately, with news items ranging from the violation of certificate authorities to the discovery of an exploit that beats ...
Forbes

Digital Groundhog Day: The 47-Day TLS Certificate Mandate You Can’t Escape

Every digital transaction—checkout, login, API call—runs on a hidden foundation of millions of machine identities. Transport Layer Security (TLS) certificates, just one type of machine identity, are ...
Dark Reading

Abusing X.509 Digital Certificates for Covert Data Exchange

Researchers at Fidelis Cybersecurity have identified a new technique that attackers can potentially employ for covertly exchanging data using X.509 digital certificates. The method builds on previous ...