byPaul DucklinHere’s our latest Naked Security Live talk, explaining why HTTPS is vital, even if you’re publishing public data that isn’t confidential.Thats because HTTPS isn’t just about the confidentiality of the data you browse to – it’s also about improving your privacy in respect of what you chose to look at, when you

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues.DNS (short for the Domain Name System) continues to be described as “the phonebook of the Internet,” but many people, including most readers of this blog, will be

byPaul DucklinWe advise you how to react when a friend suddenly asks for money, explain why Chromium is finally aiming for HTTPS by default, and warn you why you should never, ever hardcode passwords into your software.With Kimberly Truong, Doug Aamoth and Paul Ducklin.Intro and outro music: Edith Mudge.LISTEN NOWClick-and-drag on the soundwaves below to ski

<div> <img src="https://info.phishlabs.com/hs-fs/hubfs/APWG%20Q3%20Report-%20Four%20Out%20of%20Five%20Criminals%20Prefer%20HTTPS.jpg?width=1600&amp;name=APWG%20Q3%20Report-%20Four%20Out%20of%20Five%20Criminals%20Prefer%20HTTPS.jpg" alt="APWG Q3 Report- Four Out of Five Criminals Prefer HTTPS" width="1600" style="width: 1600px; margin: 0px 0px

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual scams but also digital skimming, the online equivalent of credit

byPaul DucklinHere’s a bureaucratic nightmare that unfolded over the weekendDigicert is one of the Big Five commercial CAs, short for certificate authorities – companies that sign and vouch for the digital certificates that put the the S in HTTPS and the padlock in your browser’s address bar.As we’ve mentioned before, web certificates

byPaul DucklinThe US government just announced its plans for HTTPS on all dot-gov sites.HTTPS, of course, is short for for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar.Actually, the government is going one step further than that.As well as saying all dot-gov sites should be available over HTTP

<p>Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers.&nbsp;</p> <p>Last year, threat actors hit

Reading Time: ~ 3 min. Despite the intent of ensuring safe transit of information to and from a trusted website, encrypted protocols (usually HTTPS) do little to validate that the content of certified websites is safe. With the widespread usage of HTTPS protocols on major websites, network and security devices relying on interception of user traffic to ap

byLisa VaasEnough people must have griped about the loss of “www” and “https” in Chrome’s address bar to make Google rethink it: Chromium developers are testing a new Omnibox context menu that would give users the option to “Always Show Full URLs.”You can see what the final rendition of the “Show Full URLs̶

byJohn E DunnConverting websites from HTTP to HTTPS over the last decade must count as one of the most successful quiet security upgrades ever to affect web browsing.Using an HTTPS site means that your browser and the site establish an encrypted connection which can’t be snooped on by ISPs, rogue Wi-Fi access points, or anyone else trying to monitor the cont

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim

<p>The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG), which compiles insights from member companies, announced that the year-end number of reported phishing websites for 2019 reached a record high. Most menacing; however, are the trends of phishing gangs targeting users of web-hosted email, social media, and busines

byDanny BradburyLast week was a big one for non-profit digital certificate project Let’s Encrypt – it issued its billionth certificate. It’s a symbolic milestone that shows how important this free certificate service has become to web users.Publicly announced in November 2014, Let’s Encrypt offers TLS certificates for free. These cert

<p>This week, APWG released its <u>findings from Q3</u> that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now