Cyber Security Informer

Critical Vulnerability in Open SSL

Schneier on Security

OCTOBER 28, 2022

There are no details yet, but it’s really important that you patch Open SSL 3.x x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.

SSH vs. SSL/TLS: What’s The Difference?

Security Boulevard

APRIL 30, 2024

SSH and SSL/TLS are two widely used cryptographic protocols for establishing secure connections and ensuring secure communication between two parties over an unsecured network. Here is a deep dive into how they work, what […] The post SSH vs. Here is a deep dive into how they work, what […] The post SSH vs. SSL/TLS: What’s The Difference?

Encryption

Encryption Authentication Network Security

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

Bleeping Computer

FEBRUARY 8, 2024

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [.]

VPN

SSL Certificate Best Practices Policy

Tech Republic Security

SEPTEMBER 20, 2023

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. The purpose of this SSL Certificate Best Practices Policy from TechRepublic.

Encryption

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

The Hacker News

FEBRUARY 8, 2024

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A

VPN

CVE-2024-22394 Exposed: SonicWall SSL-VPN’s Authentication Flaw

Penetration Testing

FEBRUARY 9, 2024

Recently, a critical flaw, nestled within the SSL-VPN feature of SonicWall’s SonicOS, has been brought to light, exposing a gap wide enough for remote attackers to slip through unnoticed.

Authentication

Authentication Penetration Testing VPN

Multi-Domain SSL – Comprehensive SSL Security for Business Websites

Security Boulevard

JULY 13, 2021

SSL Certificates are landmarks for data security. From securing data in transit to enhancing customer trust and improving search rankings, SSL certificates are indispensable for all kinds of organizations, regardless. The post Multi-Domain SSL – Comprehensive SSL Security for Business Websites appeared first on Indusface.

Network Security

New security tool lets you bypass SSL errors

CSO Magazine

MAY 15, 2023

Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer ( SSL ) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection.

Architecture

Architecture Internet Internet

Securing Kubernetes Ingress Controllers with SSL / TLS Certificates

GlobalSign

OCTOBER 23, 2023

Let’s explore securing Kubernetes plug-ins with SSL / TLS. Increased adoption of Kubernetes controllers requires the right security measures.

What are SSL certificates?

Malwarebytes

SEPTEMBER 15, 2021

Secure Sockets Layer (SSL) certificates are what cause your browser to display a padlock icon, indicating that your connection to a websites is secure. On a strictly technical level, SSL was actually superseded by Transport Layer Security (TLS) many years ago, but the name has stuck around. What is the purpose of SSL certificates?

Encryption

Encryption Authentication Engineering Phishing

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Bleeping Computer

JUNE 11, 2023

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices. [.]

VPN

VPN Firmware Authentication

How to create Let's Encrypt SSL certificates with acme.sh on Linux

Tech Republic Security

SEPTEMBER 23, 2021

Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme.sh Jack Wallen shows you how to install and use this handy script.

Encryption

‘SSL for SEO’ the 2022 Google Ranking Mantra

Security Boulevard

JUNE 7, 2022

which Google loves) Yes, it’s possible with an SSL Certificate! The post ‘SSL for SEO’ the 2022 Google Ranking Mantra appeared first on https.in The post ‘SSL for SEO’ the 2022 Google Ranking Mantra appeared first on Security Boulevard. But, what if you could increase your SEO rankings with a simple trick?

Weaknesses in Cisco ASA SSL VPNs Exploited Through Brute-Force Attacks

Heimadal Security

AUGUST 31, 2023

In a recent surge of cyber threats, hackers have targeted Cisco Adaptive Security Appliance (ASA) SSL VPNs using a combination of brute-force attacks and credential stuffing. These attacks have taken advantage of security vulnerabilities, particularly the absence of robust multi-factor authentication (MFA) measures.

Cyber threats

Cyber threats Authentication Cybersecurity

Comodo Positive SSL Certificate Review

Security Boulevard

JUNE 26, 2023

Is Positive SSL good? For any website desiring to establish… Continue reading Comodo Positive SSL Certificate Review The post Comodo Positive SSL Certificate Review appeared first on SSLWiki. The post Comodo Positive SSL Certificate Review appeared first on Security Boulevard.

Why is my SSL expiring every 3 months?

Security Boulevard

JANUARY 11, 2024

Digital certificates, used with the protocol ‘TLS’ (Transport Layer Security, previously known as ‘SSL’ or Secure Socket Layers) establish secure connections between your web server and the browsers visitors use to view your site. The post Why is my SSL expiring every 3 months? appeared first on Security Boulevard.

Authentication

Authentication Cybersecurity

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

Bleeping Computer

DECEMBER 12, 2022

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices. [.].

VPN

CVE-2024-21762 (CVSS 9.6): FortiOS SSL-VPN Zero-Day Pre-Auth RCE Flaw

Penetration Testing

FEBRUARY 8, 2024

The advisory centered around a... The post CVE-2024-21762 (CVSS 9.6): FortiOS SSL-VPN Zero-Day Pre-Auth RCE Flaw appeared first on Penetration Testing. A stark reminder of this ongoing battle against cyber threats emerged recently when Fortinet, a titan in the realm of network security, issued a critical alert to its customers.

VPN

VPN Penetration Testing Cyber threats Network Security

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

What Is An SSL Certificate?[MUST READ]

SecureBlitz

JANUARY 27, 2022

If you have been coming across SSL Certificate online and you don’t know what it means, then this article is for you. Here, you will learn everything you must know about SSL Certificate. The post What Is An SSL Certificate?[MUST There are a. MUST READ] appeared first on SecureBlitz Cybersecurity.

Cyber Attacks

Cyber Attacks Cybersecurity

How to force Portainer to use HTTPS and upload your SSL certificates for heightened security

Tech Republic Security

JANUARY 25, 2023

The post How to force Portainer to use HTTPS and upload your SSL certificates for heightened security appeared first on TechRepublic. If Portainer is your go-to GUI for Docker and Kubernetes, you should consider adding a bit of extra security to the deployment.

Network Security

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

Security Affairs

DECEMBER 12, 2022

Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.”

VPN

VPN Hacking Cybersecurity Information Security

8 Different Ways to Bypass SSL Pinning in iOS application

Appknox

OCTOBER 13, 2021

SSL Pinning is a technique that we use on the client-side to avoid a man-in-the-middle attack by validating the server certificates. The developers embed (or pin) a list of trustful certificates to the client application during development, and use them to compare against the server certificates during runtime.

Code Signing vs SSL Certificates: Key Differences

Security Boulevard

AUGUST 11, 2021

Before we discuss the differences between the two, let’s first understand what’s common between a Code Signing Certificate and an SSL certificate. Code signing certificate is used for securing software while SSL certificate is used for securing internet communication. But the issuing […].

Authentication

Authentication Internet Internet Software

How to create locally signed SSL certificates with mkcert

Tech Republic Security

AUGUST 26, 2021

If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. Jack Wallen shows you how to use this handy tool.

How to enable SSL on Ubuntu Linux for testing

Tech Republic Security

MAY 15, 2020

When that software requires SSL, you can enable a snake-oil SSL key for testing purposes. Sometimes admins need to be able to test a web-based solution before deciding it's worth using.

Software

What are the Different Types of SSL Certificates Available?

Security Boulevard

MAY 11, 2021

While there is no doubt that a Secure Sockets Layer (SSL) certificate is crucial for your website to safeguard against cyberattacks, it could be challenging to choose the right one. The post What are the Different Types of SSL Certificates Available? The post What are the Different Types of SSL Certificates Available?

Network Security

CloudPanel installations use the same SSL certificate private key

Bleeping Computer

MARCH 23, 2023

Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. [.]

Firewall

SSL is Not Just a Compliance Necessity- Don’t End-Up Buying Any SSL Certificate

Security Boulevard

APRIL 6, 2021

There was a time when SSL was not a necessity for all websites; only websites that were selling something or collecting credit card information were required to buy SSL certificates. The post SSL is Not Just a Compliance Necessity- Don’t End-Up Buying Any SSL Certificate appeared first on Indusface.

You can create Let's Encrypt SSL certificates with acme.sh on Linux

Tech Republic Security

OCTOBER 8, 2021

Let's make issuing and installing SSL certificates less of a challenge. Tools like acme.sh Jack Wallen shows you how to install and use this handy script.

Encryption

Microsoft WinGet package manager failing from expired SSL certificate

Bleeping Computer

FEBRUARY 11, 2023

Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. [.]

How to utilize openssl in Linux to check SSL certificate details

Tech Republic Security

SEPTEMBER 13, 2021

SSL certificates are an integral component in securing data and connectivity to other systems. Learn tips on how you can use the Linux openssl command to find critical certificate details.

What is SSL? How SSL certificates enable encrypted communication

CSO Magazine

MARCH 28, 2022

SSL and its descendent, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible. Secure Sockets Layer, or SSL, was the original name of the protocol when it was developed in the mid-1990s by Netscape, the company that made the most popular Web browser at the time. had serious flaws.

Encryption

Encryption eCommerce Internet Internet

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

The Last Watchdog

AUGUST 1, 2023

1, 2023– AppViewX , a leader in automated machine identity management (MIM) and application infrastructure security, today announced the results of a research study conducted by Enterprise Management Associates (EMA) on SSL/TLS Certificate Security. New York, NY, Aug.

Internet

Internet Internet Healthcare Banking

What Is TLS/SSL Offloading?

Security Boulevard

SEPTEMBER 2, 2022

What Is TLS/SSL Offloading? TLS/SSL Offloading Definition. A common misconception about TLS/SSL encryption is that a person’s computer connects directly with a web server and information is sent directly between the two. This process is known as TLS/SSL offloading. How Does TLS/SSL Offloading Work?

Encryption

Encryption Malware

Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day

Bleeping Computer

JANUARY 12, 2023

Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. [.].

VPN

VPN Government

Microsoft Exchange admin portal blocked by expired SSL certificate

Bleeping Computer

MAY 23, 2021

The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. [.].

Visualize Your Entire SSL/TLS Certificate Inventory with Atlas Discovery

GlobalSign

JUNE 13, 2023

Do you know what SSL/TLS certificates you have in your organization? Read more to learn about the certificate inventory tool that could help you.

Best SSL Discovery and Monitoring Tools

Security Boulevard

APRIL 5, 2023

CT logs are public, append-only cryptographically verifiable logs that record the issuance and revocation of SSL/TLS certificates, allowing anyone to verify the validity and authenticity of a certificate. The post Best SSL Discovery and Monitoring Tools appeared first on Security Boulevard.

Authentication

Authentication Accountability

Provide Secure Remote Access for Your Employees with an SSL VPN

Tech Republic Security

JULY 18, 2023

Array Networks offers SSL VPN gateways to meet a variety of needs for small and medium enterprises. Request a demo now.

VPN

The Enemy of Uptime: An Expired SSL Certificate

Security Boulevard

MAY 7, 2021

Every day thousands of SSL certificates expire. Another SSL certificate expires. The post The Enemy of Uptime: An Expired SSL Certificate appeared first on Security Boulevard. In most cases, these seemingly insignificant moments go unnoticed. Our websites stay secure, our servers keep humming, and it’s business as usual.

SSL Certificate 101 – Everything You Should Know

SecureBlitz

JANUARY 27, 2022

If you have been coming across SSL Certificate online and you don’t know what it means, then this article is for you. Here, you will learn everything you must know about SSL Certificate. The post SSL Certificate 101 – Everything You Should Know appeared first on SecureBlitz Cybersecurity. There are a.

Cyber Attacks

Cyber Attacks Cybersecurity

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Security Affairs

JANUARY 20, 2023

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day.

VPN

VPN Firewall Internet Internet

Critical Vulnerability in Open SSL

SSH vs. SSL/TLS: What’s The Difference?

Trending Sources

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

SSL Certificate Best Practices Policy

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

CVE-2024-22394 Exposed: SonicWall SSL-VPN’s Authentication Flaw

Multi-Domain SSL – Comprehensive SSL Security for Business Websites

New security tool lets you bypass SSL errors

Securing Kubernetes Ingress Controllers with SSL / TLS Certificates

What are SSL certificates?

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

How to create Let's Encrypt SSL certificates with acme.sh on Linux

‘SSL for SEO’ the 2022 Google Ranking Mantra

Weaknesses in Cisco ASA SSL VPNs Exploited Through Brute-Force Attacks

Comodo Positive SSL Certificate Review

Why is my SSL expiring every 3 months?

Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks

CVE-2024-21762 (CVSS 9.6): FortiOS SSL-VPN Zero-Day Pre-Auth RCE Flaw

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

What Is An SSL Certificate?[MUST READ]

How to force Portainer to use HTTPS and upload your SSL certificates for heightened security

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

8 Different Ways to Bypass SSL Pinning in iOS application

Code Signing vs SSL Certificates: Key Differences

How to create locally signed SSL certificates with mkcert

How to enable SSL on Ubuntu Linux for testing

What are the Different Types of SSL Certificates Available?

CloudPanel installations use the same SSL certificate private key

SSL is Not Just a Compliance Necessity- Don’t End-Up Buying Any SSL Certificate

You can create Let's Encrypt SSL certificates with acme.sh on Linux

Microsoft WinGet package manager failing from expired SSL certificate

How to utilize openssl in Linux to check SSL certificate details

What is SSL? How SSL certificates enable encrypted communication

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

What Is TLS/SSL Offloading?

Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day

Microsoft Exchange admin portal blocked by expired SSL certificate

Visualize Your Entire SSL/TLS Certificate Inventory with Atlas Discovery

Best SSL Discovery and Monitoring Tools

Provide Secure Remote Access for Your Employees with an SSL VPN

The Enemy of Uptime: An Expired SSL Certificate

SSL Certificate 101 – Everything You Should Know

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Stay Connected