Five Cloud Security Considerations for CISOs

Kowsik Guruswamy | October 8, 2020 | byod, Cloud apps, Cloud Security, cyberattacks, Cybersecurity, email security, HTTPS, new normal, Phishing, SaaS, SpearPhishing, VPN, Web security

Discover How You Can Protect Users and the Organization in Today’s New Normal The past six months have been a whirlwind of change. Security teams across the world have scrambled to empower ...

Menlo Security Blog

PolarProxy in Docker

Erik Hjelmvik | October 7, 2020 | AArch64, arm32, arm64, container, curl, DNAT, Docker, Dockerfile, HTTPS, pcap, PCAP-over-IP, pcapoverip, PolarProxy, proxy, TLS, TLSI, X.509, x509

Our transparent TLS proxy PolarProxy is gaining lots of popularity due to how effective it is at generating decrypted PCAP files in combination with how easy it is to deploy. In this ...

NETRESEC Network Security Blog

HTTP Request Smuggling: A Primer

Katie Horne | September 8, 2020 | Cybersecurity, HTTPS, Security Vulnerabilities, shiftleft, web app security

One of the security issues you might face with your website or web app is request smuggling.HTTP request smuggling is a security vulnerability that allows an attacker to interfere with the way ...

ShiftLeft Blog - Medium

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

Ben Reardon | July 28, 2020 | BIG-IP, cisa, Corelight Labs, CVE-2020-5902, CVE10, f5, GitHub, http, HTTPS, NCC Group, open source, rce, Remote Code Execution, Sigma, Suricata, Uncategorized, Zeek

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...

Bright Ideas Blog

The certificate chain of trusts ensures both parties can safely exchange information

A Guide to Server Certificates

Jake Ludin | July 22, 2020 | certificate trust chain, education, HTTPS, server certificate validation, server certificates, SSL Certificates, web authentication

What are Server Certificates? Server certificates are an extremely recurrent piece of software that the average network user has no knowledge of but encounters every time the user accesses the internet. To ...

SecureW2

Security and Visibility When Users Are Not in the Office

Mehul Patel | July 14, 2020 | cloud-delivered security, DLP, HTTPS, HTTS, Phishing, Secure Web Gateway, security, security policies, SSL Inspection, URL filtering, visibility and control, VPN

Secure Remote Worker Use Case 2: Security and Visibility of Data and Traffic As we now accept the new norm, combating malicious cyberthreats comes down to two things: visibility and control. If ...

Menlo Security Blog

DNS over TLS and DNS over HTTPS

Jamie Brim | June 18, 2020 | Brave, Chrome, CloudFlare, Cobalt Strike, Command And Control, Corelight Labs, dns, DoH, DoT, Firefox, Godlua, goDoH, HTTPS, json, json+https, Malware, network security monitoring, network traffic analysis, opera, PsiXbot, TLS, TLS 1.3, Zeek

By Jamie Brim, Corelight Security Researcher In this post, we’ll explore DNS over TLS (DoT) and DNS over HTTPS (DoH). DoT and DoH were invented to address privacy concerns associated with cleartext ...

Bright Ideas Blog

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

Elliot Volkman | June 16, 2020 | APWG, HTTPS

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of ...

The PhishLabs Blog

Best Practices for Securing a Remote Workforce

Curtis Simpson | April 13, 2020 | anomalous user access, Endpoint security, HTTPS, iot, Multifactor Authentication, Phishing, remote workers, secure application gateway, smart devices, virtual desktops, WFH

Here are eight tips to help security organizations in securing their remote workforce The novel coronavirus COVID-19 is causing global health and economic crises and profoundly impacting the way we live and ...

Security Boulevard

The Critical Role of SSL Inspection to Avoid Secure Malware Delivery

Kowsik Guruswamy | April 7, 2020 | HTTPS, Isolation Core, SSL Inspection

If you think the little green lock of https equals security, think again. The bad news is that the bad guys use encryption too. Many people mistakenly assume that as long as ...

Menlo Security Blog

HTTPS

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

What’s New In Gartner’s Hype Cycle For Cloud Security, 2020

Cloud Security Start-up With Irish Co-founder Bags $20m Funding