Scott Helme, the well-known security researcher, international speaker and the founder of the securityheaders.com and report-uri.com free tools for web security, has devoted himself to improving the security environment of the internet for the past decade. Threatpost sat down with Helme to discuss the state of web security, particularly on the encryption front — including certificate...

Malware can to worm its way onto Macs thanks to a recently discovered code-signing bypass flaw.

Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost.

Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018.

The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.

Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys.

Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.

Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.

Amazon is getting into the certificate game. The company announced late last week that it launched a certificate manager to expedite the process of securing SSL/TLS certificates for customers looking to add HTTPS to their sites or apps. The move comes less than a year after Amazon applied to Mozilla and the Android Open Source...