A report released today by security experts from Sucuri and Unmask Parasites (UP) describes numerous instances where sites that handled password and credit card via HTTP pages found themselves on Google's Safe Browsing blacklist.
Starting yesterday, via updates delivered in the May 2017 Patch Tuesday, Microsoft browsers such as Edge and Internet Explorer, have begun flagging websites as insecure if they use SSL/TLS certificates signed with the SHA-1 algorithm.
Google announced plans to increase the usage of the "Not secure" indicator on sites loaded via HTTP. The company's plan includes two major changes.
Last week, the CA/Browser Forum voted to implement CAA mandatory checks before the issuance of new SSL/TLS certificates, as a measure to prevent the misissuance of HTTPS certificates.
Flaws in the API used by Symantec partners would have allowed an attacker to retrieve certificates, including private keys, security researcher Chris Byrne said in a Facebook post published over the weekend.
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec.
The developer of Oil and Gas International (OGI), a Texas-based website for petroleum industry news, has filed a complaint on the Mozilla bug tracker, accusing Firefox of wrongly labeling his website as insecure.
In an advisory sent to enterprises across the US, the Department of Homeland Security's US-CERT group is warning that security products which perform HTTPS interception might weaken a company's overall security.
A large chunk of the 120,000 Chromebooks deployed at Maryland's Montgomery County schools went down last week after computers using Symantec BlueCoat security software weren't able to handle TLS 1.3 connections that Google started supporting with the release of Chrome and Chrome OS 56.
The way in which Firefox caches intermediate CA certificates allows a third-party to deduce various details about website visitors and also link advertising profiles to private browsing sessions.
Experts from Sudo Security Group have discovered that at least 76 of the most popular iOS apps available through Apple's App Store have failed to properly implement TLS encryption and expose their users to silent MitM (Man-in-the-Middle) attacks.