Security News
Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers. As observed by BleepingComputer, when printing a document from a MacBook running macOS Catalina and Mojave users with HP printers.
Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files. The flaw allows an attacker to combine a legitimately signed Microsoft Windows Installer package with the attacker's JAR file into an encapsulating JAR file.
Beginning September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less. Since many organizations lack the automation capabilities necessary to replace certificates with short lifespans at machine scale and speed, they are likely to see sharp increases in outages caused by unexpected certificate expirations.
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months. The lifespan of SSL/TLS certificates has shrunk significantly over the last decade.
ISO has defined a standard approach for Certification Authorities to embed Legal Entity Identifiers within digital certificates. The move to simplify LEI integration paves the way for all digital certificates to be linked by a universal identifier to verified and regularly updated entity reference data, in a freely accessible repository, and also can contain the certificate owner's role within a legal entity.
DigiCert Automation Gateway launches with integration into DigiCert CertCentral in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organizations the confidence to widely deploy automation protocols within their company networks to provide greater agility.
Mozilla is the latest browser maker to have announced updated policies that would reduce the lifetime of TLS certificates. Currently, SSL/TLS certificates have a maximum lifespan of 825 days in an attempt to ensure better protection of HTTPS connections, browser makers such as Apple, Google and Mozilla are looking into reducing that period to 398 days.
Digicert is one of the Big Five commercial CAs, short for certificate authorities - companies that sign and vouch for the digital certificates that put the the S in HTTPS and the padlock in your browser's address bar. The simplest form of web certificate is called self-signed, and anyone can create a self-signed certificate in seconds that claims to represent any web property they like.
A notice emitted by the certificate biz explained that a number of its intermediate certificate authorities had issued EV certs to customers despite not being included in DigiCert's WebTrust audits - which goes against the rules for EV certs. "Although there is no security threat, the EV Guidelines require that we revoke EV certificates signed by the affected ICAs by July 11, 2020 at 12pm MDT.".