Cybersecurity
Okta breached again due to past breaches
Identity management platform Okta, on October 20th 2023, said it had suffered another breach in its customer support system. As a company that deals with access and authentication services, when…
Read more
When Should mTLS Be Used & When Should It Not Be Used?
If you are looking to adopt a zero trust security posture, mTLS is a must have when it comes to network communications between various application components that you manage as…
Read more
What Sets mTLS Apart From TLS and SSL?
mTLS is an extension of the security provided by TLS. This is done by adding mutual authentication between the client and the server. When using mTLS, both the client and…
Read more
How Does mTLS Work?
What makes mTLS different to standard TLS is that it is two ways. It is also helpful to understand how TLS on its own works using the public key cryptography…
Read more
What is mTLS?
A variation of the transport layer security (TLS), there is mutual TLS (mTLS). TLS is the successor to secure sockets layer (SSL) and is the most widely deployed standard for…
Read more
Why Is mTLS Needed?
mTLS is an important component of a zero trust architecture. One of the principles of zero trust networking is to assume that there is an attacker that has infiltrated your…
Read more
How Is mTLS Implemented?
Proving Identity Is The Hardest Part of mTLS mTLS has significant security advantages, but it also has some implementation challenges such as the establishment of secure mechanisms for services to…
Read more
Amazon AWS S3 Buckets Used To Deliver Malware Through S3 Buckets
Malicious threat actors are exploiting expired Amazon AWS S3 buckets to place malicious code into legitimate packages in the npm repository with out having to make modifications to any of…
Read more
Part 3 De-Anonymizing Domains on the Dark Web – Favicon matching
Favicon Matching The second method that is used to uncover a dark web based website on the surface internet (clear internet) is the process of "favicon matching". A favicon is…
Read more
Part 2 De-Anonymizing Domains on the Dark Web – TLS Certificate Matching
The first approach used by Cisco's Talos Threat Intelligence team was that of TLS certificate matching. With this approach the self signed certificate that is used by their dark web…
Read more