Security News > 2020

Let’s Encrypt to Revoke Millions of TLS Certs
2020-03-03 20:13

Popular free certificate authority Let's Encrypt said it will revoke 3 million Transport Layer Security (TLS) certificates Wednesday because of a Certification Authority Authorization (CAA) bug. Let's Encrypt explained on Tuesday that it had to revoke the 3 million certificates because of a CAA bug that impacted the way its software checked domain ownership before issuing certificates.

Can a 'Zero Trust' Approach Work in the Supply Chain?
2020-03-03 20:04

As a result, companies are not always sure who they are dealing with and the amount of opacity within the supply chain has increased, Conway says. These developments, Conway says, are one reason why the dialogue around supply chain security should be changing and why different approaches are needed.

RSA President on 'The Human Element'
2020-03-03 20:03

Ghai is president of RSA, which focuses on helping customers manage digital risk through business-driven security solutions. He is responsible for all aspects of the business and accelerating growth by setting the strategic direction and driving operational execution.

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes
2020-03-03 19:44

On Wednesday, March 4, Let's Encrypt - the free, automated digital certificate authority - will briefly become Let's Revoke, to undo the issuance of more than three million flawed HTTPS certs. In a post to the service's online forum on Saturday, Jacob Hoffman-Andrews, senior staff technologist at the EFF, said a bug had been found in the code for Boulder, Let's Encrypt's automated certificate management environment.

America Seeks 5G and Supply Chain Security
2020-03-03 19:33

The U.S. is late to the 5G race. There are multiple strategies that policymakers can pursue to facilitate the near-term rollout of safer and more trusted 5G networks across the country, says Michael Chertoff, executive chairman of The Chertoff Group and former secretary of the Department of Homeland Security.

MediaTek Bug Actively Exploited, Affects Millions of Android Devices
2020-03-03 19:02

Google has addressed a high-severity flaw in MediaTek's Command Queue driver that developers said affects millions of devices - and which has an exploit already circulating in the wild. The MediaTek bug, meanwhile, is an elevation-of-privilege flaw discovered by members of XDA-Developers - they said the bug is more specifically a root-access issue.

7 security tips for IoT systems
2020-03-03 19:01

Security firm Kaspersky has released a report with startling statistics about IoT security, including the fact that nearly a third of companies with IoT systems faced attacks targeting internet-connected devices in 2019. Many IoT devices will have security certificates that verify their level of security and the best way to protect them.

Wendy Nather on Democratizing Security
2020-03-03 18:33

In an RSA 2020 conference keynote, Cisco's Wendy Nather spoke of "Democratizing security" - thinking differently about the people we serve and secure. She expands on that theme and discusses her role as head of advisory CISOs at Cisco's Duo Security unit.

Mobile Payment Fraud on the Rise
2020-03-03 18:03

Mobile payment fraud is growing, and is growing faster in the mobile ecosystem than anywhere else. Just as the targets have evolved with the emergence of mobile as the fraud platform of choice, so too have the payment types evolved.

Why ‘free’ Wi-Fi isn’t really free
2020-03-03 17:56

Why would anyone want to worry about 146,000,000 database entries relating to free Wi-Fi users connecting to a free Wi-Fi service? The problem with the second sort of 'free' Wi-Fi is that the company that's giving you the 'free' service can only really make money out of it - by which we mean that they can only make you pay for it - if they keep track of who you are and what you do when you connect.