Security News

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. The solution to meet this call by Google, and other browsers, is to automate certificate management.

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers.

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation code signing certificates. In the incident investigated by the cybersecurity company, an unnamed victim is said to have first received a piece of info stealer malware with EV code signing certificates, followed by ransomware using the same delivery technique.

Among organizations that have suffered data breaches 58% were caused by issues related to digital certificates, according to a report by AppViewX and Forrester Consulting. According to the Forrester study, "Enterprise organizations have traditionally been less focused on managing machine identities compared to human ones, partly because they have different requirements and more complicated lifecycle and security challenges. These digital certificates offer authentication and protect sensitive information. Yet, few are confident in successfully layering and managing identity security across machines and navigating responsibility assignment for privacy and security."

The China-aligned APT group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. According to SentinelLabs, which analyzed the campaign, the certificate belongs to PMG PTE LTD, a Singaporean vendor of the VPN product 'Ivacy VPN.'.

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. At approximately 3:08 PM ET today, a Microsoft 365 advisory 'SP659992' warned that users may be unable to access SharePoint Online and OneDrive for Business.

Cybersecurity Ventures reported there are 3.5 million unfilled cybersecurity positions worldwide this year, and 750,000 of them are in the U.S. In an attempt to address this, as well as the lack of diversity in cybersecurity, Google is offering a Cybersecurity Certificate training program for anyone, including those with no background in coding or computer science. The company said the Google Cybersecurity Certificate, part of the Google Career Certificates portfolio of Coursera classes, offers an alternative to high-ticket collegiate training in cybersecurity, which is a slow pipeline with a high cost of entry.

As part of Google's commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career in cybersecurity. Despite the urgent need to address this threat, there are currently more than 750,000 unfilled cybersecurity jobs in the U.S. We launched the new Cybersecurity Certificate to help employers fill critical roles, and to level the playing field for people of all backgrounds to enter the cybersecurity workforce.

Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings. Attackers would need to find fresh CloudPanel installations to exploit this problem, which is made possible by the third issue discovered by Rapid7.

Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired. The problem appears to be connected to WinGet CDN's SSL/TLS certificate that has now expired.