In a coordinated announcement, Microsoft, Google, Apple, and Mozilla have stated that they will be retiring the TLS 1.0 and TLS 1.1 secure communication protocols beginning in 2020.
A severe issue was addressed on Monday, an issue that under certain conditions could be used to expose the private keys for TLS certificates used by companies running their infrastructure on cloud servers.
The US Department of Defense plans to implement HTTPS and HSTS (HTTP Strict Transport Security) for all its public-facing websites by the end of the year.
Google has released today version 68 of the Chrome browser. This marks a milestone release for the browser maker, being the first version where Chrome will mark HTTP sites as "Not Secure."
Google announced earlier today plans to drop the "Secure" indicator from the Chrome URL address bar and only show a lock icon when the user is navigating to an HTTPS-secured website.
Starting last week, on May 8, Google has opened the .app top-level domain (TLD) to the general public, allowing anyone to register their desired .app domain name. As its name implies, the domain is intended for app developers, but anyone can register a domain, may it be for an app or not.
Starting today, the Google Chrome browser will show a full-page warning whenever users are accessing an HTTPS website that's using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log.
Mozilla Foundation engineers announced plans over the weekend to test the "DNS over HTTPS" (DoH) fledgling security standard in Firefox Nightly distributions.
Trustico, a reseller of SSL certificates, has admitted to storing the private keys of some of the SSL certificates it issued to its customers over the past years.
Over 23,000 users will have their SSL certificates revoked by tomorrow morning, March 1, in an incident between two companies —Trustico and DigiCert— that is likely to have a huge impact on the CA (Certificate Authority) industry as a whole in the coming months.
There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one.
Researchers say that threat actors looking for a covert channel for stealing data from a firewalled network can abuse X.509 certificates to hide and extract data without being detected.
Google announced earlier today plans to mark all HTTP sites as "Not Secure" in Chrome, starting with July 2018, when the company plans to release Google Chrome 68.
In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context").
Yesterday, Cisco rolled out Encrypted Traffic Analytics (ETA), a breakthrough technology that identifies malware in encrypted traffic without the need of intercepting and decrypting data streams.
The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.
New research published yesterday reveals that putting your trust in Extended Validation ("EV") SSL certificates will not safeguard you from phishing sites and online fraud.
Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by 2020.