Google calls out Symantec certificates, threatens to downgrade trust

Security Digest Information security news and advice from TechTarget's network | March 29, 2017 FEATURED STORY Google considers options on Symantec certificate authority 'failures' by Peter Loshin, Site Editor Symantec certificate authority cries foul, as Google considers severe options following the company allegedly misissuing as many as 30,000 digital certificates. (SearchSecurity.com) Advertisement NEWS   Encryption debate needs to be nuanced, FBI's Comey says FBI Director James Comey brought the encryption debate back to the forefront by asking for a 'nuanced and thoughtful' conversation on the topic before there is a serious attack. (SearchSecurity.com)   Comodo to open its Certificate Transparency logs to all CAs Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA. (SearchSecurity.com)   Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more. (SearchSecurity.com)   DV certificates abused, but policing may not be possible Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue. (SearchSecurity.com)   HTTPS interception, middlebox models under fire HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position. (SearchSecurity.com)   Risk & Repeat: Accused Yahoo hackers indicted In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the indictments of the alleged Yahoo hackers and how the attackers minted Yahoo authentication cookies. (SearchSecurity.com) EXPERT ADVICE   Android VPN apps: How to address privacy and security issues New research on Android VPN apps revealed the extent of their privacy and security flaws. Expert Kevin Beaver explains how IT professionals can mitigate the risks. (SearchSecurity.com)   How AWS Artifact tackles regulatory compliance for enterprises A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact. (SearchCloudSecurity.com)   Is encryption one of the required HIPAA implementation specifications? When it comes to encryption, the HIPAA implementation specifications are complicated. Expert Joseph Granneman explains whether it's required or addressable. (SearchSecurity.com)   How do identity governance and access management systems differ? Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.