Brian Krebs explains how a breech at Docusign led to a targeted email malware campaign. This hits close to him as I am a user of Docusign. Fortunately I expect to see the contracts come across and I know who they are coming from, but if you deal with a lot of documents this could be bad. Anyhow, this links out to KrebsonSecurity. Check it out. … [Read more...] about Docusign Breech Leads to More Malware! (External Link)
Yet another trusted site has been found to be compromised. Read about it on Arstechnica. … [Read more...] about Mac Backdoor Distributed By Trusted Site – HandBrake (Link)
Back around the beginning of 2015 there was a breaking story about Gogo Inflight issuing fake SSL certificates when folks visiting google branded sites. While I don't intend to debate or even stir up converstaions around that topic I must say, SSL MITM is a common practice withing enterprise networks. I think every employee withing an organization should assume that … [Read more...] about Do We Really Need SSL Decryption?