Articles tagged with: #tls
DV, OV and EV TLS Certificates

cybersecurity www.reddit.com

We have a few public-facing applications being proxied through our WAF (Cloudflare), and hence Cloudflare provides and manages the TLS certificate for encrypting traffic between the Cloudflare servers and end-user browsers. We make use of a paid CA service that issues us publicly trusted TLS certificates that we use to encrypt traffic between the origin server and the Cloudflare network. Instead of having to pay for these certificates, we were thinking of replacing them with Let's Encrypt...

[iOS 18.6.2] Live Zero-Day: Apple trustd failure silently disabled cert validation system-wide

cybersecurity www.reddit.com

On August 20, 2025, live logs from a non-jailbroken iPhone 14 running iOS 18.6.2 exposed a critical, system-wide trust failure. Due to a malformed trust anchor reload in trustd, the device temporarily stopped enforcing TLS certificate validation - effectively treating all certificates as valid, including untrusted and potentially malicious ones. Observed impact: App Transport Security (ATS) was silently disabled; minimum RSA, ECDSA, and signature algorithm constraints were set to zero...

What's the rationale for reporting security headers, cookie flags, etc. in pentests?

cybersecurity www.reddit.com

Why do penetration testing reports include findings like missing security headers, weak cookie flags, detailed error messages/stack traces, open directory listings, outdated JS libraries, lack of account lockout/rate limiting, or TLS/SSL weaknesses? What's the rationale behind reporting these issues - is it just best practice, compliance (e.g. OWASP, NIST), or because they are stepping stones for bigger attacks? Which academic references or testing methodologies support including them?...