Unprotected and poorly managed keys and certificates result in a loss of customers, costly outages, failed audits, and security breaches, according to The Ponemon Institute and Venafi.
Symantec has fired several employees who were involved in issuing rogue certificates for some Google domains.
Malware peddlers don't always have to steal or buy (from sellers on underground forums) legitimate and valid code-signing certificates to sign their malware with - sometimes the certificates can be found just "laying around" in open source software and code repositories.
A Venafi survey of 300 Black Hat USA 2015 attendees reveals that most IT security professionals understand and acknowledge the risks associated with untrustworthy certificates and keys, but take no action.
After last week's revelation that their corporate network had been hit by APT actors wielding a newer version of the infamous Stuxnet-related Duqu attack toolkit, Kaspersky Lab researchers have shared more details about how the attackers achieved persistence in it.