remote workforce

Best Practices for Securing a Remote Workforce

Here are eight tips to help security organizations in securing their remote workforce The novel coronavirus COVID-19 is causing global health and economic crises and profoundly impacting the way we live and ...
Security Boulevard

The Critical Role of SSL Inspection to Avoid Secure Malware Delivery

If you think the little green lock of https equals security, think again. The bad news is that the bad guys use encryption too. Many people mistakenly assume that as long as ...
TLS Termination Proxy

Reverse Proxy and TLS Termination

PolarProxy is primarily a TLS forward proxy, but it can also be used as a TLS termination proxy or reverse TLS proxy to intercept and decrypt incoming TLS traffic, such as HTTPS ...

IoT Device Attacks, FCC Fines Mobile Carriers, Let’s Encrypt Certificate Bug

In episode 111 for March 9th 2020: A new report shows that attacks on Internet of Things devices are on the rise, the FCC fines major mobile carriers for selling users’ location ...
APWG Year-End Report: 2019 A Roller Coaster Ride for Phishing

APWG Year-End Report: 2019 A Roller Coaster Ride for Phishing

| | APWG, bec, HTTPS, social media
The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG), which compiles insights from member companies, announced that the year-end number of reported phishing websites for 2019 reached a record ...
Firefox Enables DNS over HTTPS by Default in the United States

Firefox Enables DNS over HTTPS by Default in the United States

Mozilla is turning on DNS over HTTPS by default for users in the United States and is making it available for users throughout the rest of the world if they choose it ...
Google Chrome to Block Downloads from Unsecured Locations

Google Chrome to Block Downloads from Unsecured Locations

Google is set to make significant changes to the Google Chrome browser that would eventually lead to entirely blocking the download of files from HTTP (unencrypted) sources, starting with Chrome 83. The ...
Network drawing with Clients, SecurityOnion and the Internet

Sniffing Decrypted TLS Traffic with Security Onion

Wouldn't it be awesome to have a NIDS like Snort, Suricata or Zeek inspect HTTP requests leaving your network inside TLS encrypted HTTPS traffic? Yeah, we think so too! We have therefore ...
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

The Central Repository is Moving to HTTPS

As stewards of Maven Central, Sonatype is responsible for hosting and transmitting a disproportionately high volume of the Java ecosystem’s open-source components. In the month of November 2019 alone, total requests to ...