Five Cloud Security Considerations for CISOs

Discover How You Can Protect Users and the Organization in Today’s New Normal The past six months have been a whirlwind of change. Security teams across the world have scrambled to empower ...
PolarProxy + Docker

PolarProxy in Docker

Our transparent TLS proxy PolarProxy is gaining lots of popularity due to how effective it is at generating decrypted PCAP files in combination with how easy it is to deploy. In this ...
HTTP Request Smuggling: A Primer

HTTP Request Smuggling: A Primer

One of the security issues you might face with your website or web app is request smuggling.HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way ...

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
The certificate chain of trusts ensures both parties can safely exchange information

A Guide to Server Certificates

What are Server Certificates? Server certificates are an extremely recurrent piece of software that the average network user has no knowledge of but encounters every time the user accesses the internet. To ...

Security and Visibility When Users Are Not in the Office

Secure Remote Worker Use Case 2: Security and Visibility of Data and Traffic As we now accept the new norm, combating malicious cyberthreats comes down to two things: visibility and control. If ...
DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS

By Jamie Brim, Corelight Security Researcher In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...
Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

| | APWG, HTTPS
Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of ...
remote workforce

Best Practices for Securing a Remote Workforce

Here are eight tips to help security organizations in securing their remote workforce The novel coronavirus COVID-19 is causing global health and economic crises and profoundly impacting the way we live and ...
Security Boulevard

The Critical Role of SSL Inspection to Avoid Secure Malware Delivery

If you think the little green lock of https equals security, think again. The bad news is that the bad guys use encryption too. Many people mistakenly assume that as long as ...