Security News

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher
2020-06-10 10:00

Expiring root certificates will cause devices like smart TVs and refrigerators to fail in the next few years, security researcher Scott Helme has warned. In order to validate the certificate the client must have a trusted root certificate from the issuing authority, and this, says Helme, is a problem for devices that never get updated.

The mystery of the expiring Sectigo web certificate
2020-06-02 16:48

There's a bit of a kerfuffle in the web hosting community just at the moment over an expired web security certificate from a certificate authority called Sectigo, formerly Comodo Certificate Authority. To make it harder for crooks to mint a web certificate in your name, you need to get your certificate vouched for by someone else, known as a certificate authority.

DigiCert named 2020 Global Company of the Year in TLS certificate market by Frost & Sullivan
2020-05-22 08:01

Frost & Sullivan recognizes DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global TLS certificate market. "Leveraging its superior technology, customizing it to regional markets and building a best-in-class customer support system, DigiCert has captured the business of 89% of the Fortune 500 companies and the world's most recognized brands," said Swetha Krishnamoorthi, Industry Analyst at Frost & Sullivan.

One billion certificates later, Let's Encrypt's crazy dream to secure the web is coming true
2020-04-27 21:40

Today, in part due to the work Let's Encrypt does, roughly 85% of all websites use HTTPS and over one billion certificates have been issued. What about money? Aas may have wanted to give away certificates for free, but building the Let's Encrypt apparatus was anything but free.

Sectigo and Infineon integrate to advance IoT security with automated certificate provisioning
2020-04-20 00:00

Sectigo, a leading provider of automated digital identity management and web security solutions, announced a partnership with Infineon Technologies AG to provide automated certificate provisioning for Infineon's OPTIGA Trusted Platform Module 2.0 using Sectigo IoT Identity Manager. "Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices," explained Alan Grau, VP of IoT/Embedded Solutions at Sectigo.

Entrust Datacard unveils a single portal to discover, control and automate certificate management
2020-04-16 02:00

Entrust Datacard, a leading provider of trusted identity and secure transaction technology solutions, announced the Entrust Datacard Certificate Hub, a portal that allows customers to find, control and automate their public and private certificate deployments via a single pane of glass. "Security-minded enterprises have a critical need to track their certificates and know when they're going to expire. Many enterprises struggle to track their certificates and proactively manage them - their environments have grown too complex and distributed to manage hundreds or thousands of certificates on spreadsheets, which opens weaknesses that attackers prey upon," said Robyn Westerveldt, Research Director, Security & Trust at IDC. "A certificate lifecycle management tool like Certificate Hub helps enterprises deal with complexity by standardizing, simplifying and streamlining certificate discovery, management and automation."

Let's authenticate: Beyond Identity pitches app-wrapped certificate authority
2020-04-14 11:30

Hoping to actually make the long foretold end of passwords happen, a startup called Beyond Identity believes it can hasten the demise of the memory-taxing access ritual by embedding a personal certificate authority into mobile devices. Beyond Identity proposes an app for Apple, Windows, Android and cloud services to handle authentication in a way that doesn't require tapping in a memorized secret.

Cybercriminals increasingly using SSL certificates to spread malware
2020-04-07 13:00

Recent studies have shown that cybercriminals building phishing sites now use SSL as well, complicating efforts by enterprises to keep their employees safe. The Menlo Security research revealed that while 96.7% of all user-initiated web visits are being served over https, only 57.7% of the URL links in emails turn out to be https, which means that web proxies or firewall will be oblivious to the threats unless enterprises turn on SSL inspection.

Let's Encrypt: We Won't Revoke All Certificates Right Now
2020-03-06 14:18

Let's Encrypt planned to revoke more than 3 million TLS certificates on Wednesday after it discovered a bug that allowed an important security check performed during TLS issuance to be bypassed. On March 4, we will revoke 2.6% of currently active Let's Encrypt certificates.

Let's Encrypt Will Not Replace 1 Million Bug-Affected Certificates
2020-03-06 14:09

Free and open certificate authority Let's Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug. A total of 3,048,289 certificates were supposed to be revoked, but Let's Encrypt ultimately decided to leave 1 million of them unreplaced at this time.