The CA/B Forum’s newly approved “Definitions and Glossary Chartered Working Group” aims to standardize industry language to create clarity and consensus of terms used in security guidelines Within the cybersecurity industry, multiple terms can describe something, or a single term can describe several things. This is especially true within public key infrastructure (PKI). Think of a simple example using terms like “SSL” and “TLS.” Someone could use these terms to refer to the security protocols that layer over HTTP to create the secure HTTPS protocol, or to mean the digital certificates you ins ..read more

Verizon’s 2023 Data Breach Investigations Report (DBIR) data indicates that 86% of web app-related data breaches involved the use of stolen credentials. Explore 9 password cracking methods and how to fight them Password compromises continue to be a leading security issue for organizations and their customers. 46% of Forbes’ U.S. OnePoll survey respondents say their passwords were breached in the past year. There are many reasons why passwords can become compromised. Sometimes, it’s something as simple as hardcoding your credentials into applications. But in most cases, these situations occur a ..read more

Gartner reports taking “twice as many calls” about PKI and certificate lifecycle management (CLM) than multi-factor authentication (MFA)-related calls in 2023. Why is interest in PKI growing and why are so many organizations having PKI-related challenges? Let’s take a look… Erik Wahlström, Vice President and Key Initiative Leader of the Identity and Access Management Team at Gartner, recently shared in a LinkedIn post that organizations are increasingly interested in public key infrastructure (PKI) and managing their digital certificates. Is this growing interest because more companies are usi ..read more

Data from the FBI Internet Crime Complaint Center (IC3) indicates that reported business email compromise scam losses are up nearly 58% since 2020. See where your state stands regarding the costs of these email channel scams… A business email compromise (BEC) attack will turn your average day into a scorching dumpster fire. BEC is a devastating technique that can result in everything from system compromises and data breaches to financial losses and reputational ruination. For this report, we’re focusing on the financial consequences — i.e., reported financial losses — this type of attack creat ..read more

Explore the public key infrastructure (PKI)-related lessons gleaned from public and private entities that got publicity for all the wrong reasons…   PKI is a critical part of most IT systems. When it works well, it’s largely invisible — authenticating connections and encrypting data without most users knowing it’s there. But when things go wrong, the results can be devastating. Let’s take a look at three common PKI mistakes and the (bad news) headlines they create. Now, we’re not here to bash organizations who made a PKI “oopsie.” However, we’re sharing all of this information to help you ..read more

Document signing isn’t just for PDFs. We’ll walk you through how to add a digital signature in Word using your document signing certificate on a Windows device Let’s cut to the chase: You bought a document signing certificate and want to know how to digitally sign a Word document using it. Or, you haven’t bought one yet but are wondering how easy it is to use this type of certificate if you do. Either way, we’re here to walk you through the process in the amount of time it takes to order from your favorite takeaway lunch joint.  Let’s hash it out. The post How to Sign a Word Document Usin ..read more

Although deepfake technologies are still in their infancy, falling for scams utilizing them can cost you millions. The good news is that there are steps you can take to make yourself and your company more challenging targets for deepfake attackers. Generative AI technologies are getting more realistic as days go by. Many times, they can be used for good. But, as we learned in our recent article on generative AI and deepfake statistics, cybercriminals also use them to carry out nefarious activities. Unfortunately for one multinational financial firm, its employees learned (the hard way) what ha ..read more

Knowing how to make your website secure can be the difference between sharing positive news with website users and having to inform them that their data has been breached.   There are certain things every website owner should know, and a very important one is how to make your website secure (or, at least, as secure as possible). We’re here to provide guidance that may serve as a quick refresher for some and an educaitonal guide for others to explore. Let’s hash it out. The post How Do I Make My Website Secure? The Essential Guide appeared first on Hashed Out by The SSL Store ..read more

It seems like every time you turn around, new U.S. data privacy laws are popping up. The United States is an expansive country made up of 50 individual governing states, many of which are taking different approaches to protecting data privacy. We’ll explore the list of U.S. data privacy laws by state. There are dozens of data security and encryption laws that have popped up globally over the past couple of decades. The same can be said regarding data privacy laws in the U.S. However, not all of them passed muster and continued on to be signed in their state or country. With the increasing expe ..read more

We’ll break down XML- and PKI-rooted SAML authentication and its role in Single Sign-On technologies (used by authentication tools like Okta, Duo, etc.) in layman’s terms  SAML, or Security Assertion Markup Language, is a foundational element of single sign-on (SSO) tools. SSO technology is convenient and easy to use; it serves as a centralized point of authentication that users authenticate to (typically in the form of a user portal). Once a user is authenticated, they’ll have access to all the apps and tools they’re authorized to use via a centralized dashboard.   For example ..read more