All posts by Cora Quigley

Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.

Social engineering and how to protect yourself

By now, it probably seems like you know all about how to protect yourself online. You’ve downloaded the antiviruses, implemented the firewalls, your password is uncrackable, and you reckon you could spot a phisher a mile off. But do you know how to protect yourself from social engineering?

Read more

How Google disrupted a massive phishing campaign against YouTubers

Google has released a report outlining how their Threat Analysis Group disrupted an extensive phishing campaign targeting YouTubers with Cookie Theft malware since 2019. Stopping the hackers in their tracks was no mean feat, considering the campaign involved 15,000 fake accounts and sending over 1 million messages to targets.

Read more

SIM swapper who stole over $16K in crypto pleads guilty to aggravated identity theft

A 20-year-old man in Pennsylvania has pleaded guilty to his involvement in a “SIM swap” and cryptocurrency theft scheme. Kyell Bryan carried out the plan in 2019 with several others. After he too pleaded guilty, Jordan Milleson, a co-conspirator in the scheme, was sentenced to two years in federal prison earlier this year.

Read more

Microsoft says it mitigated one of the largest ever DDoS attacks

Microsoft has revealed that in August 2021, it mitigated one of the largest distributed denial of service (DDoS) attacks ever recorded. The 2.4Tbps attack targeted an Azure cloud computing service client based in Europe and surprisingly resulted in minimal downtime for users. The size of the attack is second only to a 2.54Tbps DDoS attack directed at Google in 2017, though higher than any attack ever recorded on Azure previously. 

Read more

The upcoming changes to HTTP domain control validation

There will be a change in the requirements for SSL certificates seeking validation using the HTTP domain control validation (DCV) method in the coming weeks. This change is in keeping with new rules set out by the CA/Browser Forum, which has determined that in some instances, HTTP validation may allow threat actors to obtain SSL certificates for domains they don’t actually own.

Read more

Let’s Encrypt root certificate expiry causes issues for users

Many website owners with SSL certificates issued by Let’s Encrypt faced outages over the past few days. This is due to the expiration of its IdenTrust DST Root CA X3 cross-signed root certificate. Although this root certificate has been replaced by one called ISRG Root X1, many users are still encountering service issues, particularly business owners and their customers. So those worst hit include not only website owners using legacy servers and older devices, but also hosting service companies that failed to update their software, leaving their customers and users without service. 

Read more

WhatsApp finally launching end-to-end encryption for backups

WhatsApp has announced that it will begin offering end-to-end encryption on chats backed up to Google Drive and iCloud on Android and iOS phones. This comes after the messaging service was discovered to be testing encrypted backups in WhatsApp beta for Android in early summer. Although WhatsApp has offered end-to-end protection by default on messages since 2016 (although some might beg to differ), backed-up messages have not been encrypted. 

Read more