TLS

NSA: New guidance to eliminate obsolete TLS protocols

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NSA: New guidance to eliminate obsolete TLS protocols Read More »

GnuTLS patches TLS vulnerability that could cause MITM attack

The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.

GnuTLS patches TLS vulnerability that could cause MITM attack Read More »

hacking, security, cyber-4038037.jpg

NIST SP 800-177: New Email Security Guidelines To Combat Phishing Threats

The NIST standard, SP 800-177 Revision 1, Trustworthy Email (Draft) was released last month and offers up-to-date security guidance to include SPF, DKIM, DMARC, and email digital signatures and encryption (via S/MIME), among others.

NIST SP 800-177: New Email Security Guidelines To Combat Phishing Threats Read More »

NIST SP 800-177 Revision 1: “Trustworthy Email”

The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.

NIST SP 800-177 Revision 1: “Trustworthy Email” Read More »