Security News

In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting...

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates...

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal...

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company...

76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. 81% of security leaders believe Google's proposed plans to shorten TLS certificate lifespans from 398 days to 90 days will amplify existing challenges they have around managing certificates.

Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority following what it says was a protracted period of compliance failures. Entrust has apologized to Google, Mozilla, and the wider web community, outlining its plans to regain the trust of browsers, but these appear to be unsatisfactory to both Google and Mozilla.

Certificate authority DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation.

DigiCert has given some unlucky customers 24 hours to replace their SSL/TLS security certificates it previously issued them - due to a five-year-old blunder in its backend software. The Register has asked exactly how many domains this represents, and we'll let you know if DigiCert can come up with a number.

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. DigiCert is one of the prominent certificate authorities that provides SSL/TLS certificates, including Domain Validated, Organization Validated, and Extended Validation certificates.

Certificate Watch Demonstrating that Microsoft is not alone in its inability to keep track of certificates is UK power market biz Elexon. Elexon is an important cog in the UK's wholesale electricity market machine and provides operational data via its Insight Solution platform.