Articles about HTTPS

In total, 86 percent of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels, according to a new report.

The study from Zscaler also shows threats over HTTPS grew by 24 percent from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels.

Continue reading →

Decrypting HTTPS (TLS/SSL) traffic at the network perimeter is a vital step in protecting against malware and other online threats. Most of today’s web traffic is encrypted and presents an obvious hiding place for threat actors to deliver cyberattacks, since many network security controls aren’t set to inspect encrypted traffic. Consider recent findings from WatchGuard’s Threat Lab in its Q4 2022 Internet Security Report (ISR). While the report showed an apparent decline in overall malware volume, the Threat Lab analysts found a much higher prevalence of malware being delivered over encrypted connections when they looked closer at decrypted HTTPS traffic. These results came from a mere 20 percent of devices decrypting TLS and indicate the other 80 percent would also show malware volume is up, but hidden -- which mirrors findings from previous quarters.

Despite this trend, it’s common for teams not to enable decryption at the firewall due to the complications it can present. The process requires resources to decrypt and then re-encrypt traffic passing through a gateway device, as well as next-gen firewalls (NGFW) or unified threat management (UTM) appliances that use significant computing horsepower, all which impact network performance. Then, introducing decryption while managing the performance of other security tools and their varying uses could be difficult. Today, however, tabletop UTM/NGFW solutions can perform this process at the speed of the incoming WAN connection. So now, users’ main objection is the initial configuration of TLS/SSL decryption, and the need for exceptions for certain applications.

Continue reading →

It has been a very long time coming, but Microsoft appears to have finally understood the value and importance of HTTPS. For reasons best known to the company, anyone looking to download updates from the Microsoft Update Catalog have had to do so via HTTP links -- but no longer.

In the last few days, Microsoft made a server-side change that means Microsoft Update Catalog downloads now use HTTPS connections. The switch to HTTPS affects everything from Windows 11 to Office, and everything in between.

Continue reading →

A new report from Venafi, based on in-depth security analysis of the world's top million websites over the last 18 months, shows the internet is becoming more secure.

Use of encryption is increasing and the adoption of newer TLS protocols is rising. However, many companies continue to use legacy RSA encryption algorithms to generate keys, despite stronger protocols being available.

Continue reading →

Although most web browsers now automatically switch you to the secure HTTPS (Hyper Text Transfer Protocol Secure) version of a website if you try to go to a non-secure HTTP address, the EFF (Electronic Frontier Foundation) offers another option.

Its HTTPS Everywhere add-on has been protecting users for over a decade now, and automatically sends your browser to the secure version of a site if it exists. Thanks to a new partnership with privacy-focused search engine DuckDuckGo, the tool is about to get even better at redirecting users.

Continue reading →

With privacy and security being so important nowadays, you would think internet users would demand that all websites use the encrypted HTTPS protocol rather than "regular" HTTP. But as usual, humans are often ignorant or lazy when it comes to their own online safety. Ultimately, it is up to corporations to protect us. After all, we can't depend on the government for such oversight (nor would we want to).

Once again, Google is stepping in to better protect its users. This time, the wildly popular Chrome web browser is getting more secure thanks to a simple tweak. You see, in the upcoming version 90 of the browser, the search giant is making HTTPS default when typing in an address in the URL bar. In other words, you will now see https:// instead of http:// unless you specifically type in the latter.

Continue reading →

A new report from WatchGuard Technologies shows that 67 percent of all malware in the first quarter of this year was delivered via HTTPS, so organizations without security solutions capable of inspecting encrypted traffic will miss two-thirds of incoming threats.

In addition, 72 percent of encrypted malware was classified as zero day (meaning no antivirus signature exists for it, and it will evade signature-based protections). The findings suggest that HTTPS inspection and advanced behavior-based threat detection and response solutions are now requirements for every security-conscious organization.

Continue reading →

Privacy-focused search engine DuckDuckGo announced the launch of a new feature today that it calls Smarter Encryption.

Smarter Encryption is designed to upgrade requests to HTTP sites automatically to HTTPS if the site in question supports HTTPS and if it is on DuckDuckGo's list of sites that can be upgraded.

Continue reading →