Security News

Windows 11 KB5008295 OOB update fixes certificate issue breaking apps
2021-11-05 17:52

Microsoft has released the KB5008295 out-of-band update to address Windows 11 issues while opening or using some built-in apps and features due to an expired Microsoft digital certificate. "Devices directly connected to Windows Update and Windows Update for Business should be offered and automatically install KB5008295 to resolve the issues," Microsoft explained.

Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks
2021-10-31 09:00

Apple fixes security feature bypass in macOS
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers.

Good security habits: Leveraging the science behind how humans develop habits
In this interview with Help Net Security, George Finney, CSO at Southern Methodist University, explains what good security habits are, how to successfully implement them and why they are important.

The dangers behind wildcard certificates: What enterprises need to know
2021-10-27 04:00

With the National Security Agency recently issuing guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks techniques, many organizations and enterprise leaders are wondering: What are the odds of a wildcard certificate being compromised and/or leading to serious consequences, and how can this be prevented? Before IT leaders can truly respond to and mitigate wildcard certificate security risks - and manage wildcard certificates - it's essential to first understand what wildcard certificates are and why they are a common, flexible and helpful, but risky, type of certificate.

NSA warns of wildcard certificate risks, provides mitigations
2021-10-12 06:23

In a document released last week, the agency provides mitigations against the risks that come with the use of wildcard certificates. A wildcard digital certificate can be used with multiple subdomains on the same domain, so it can cover multiple servers, while a multi-domain certificate is used for multiple domains on a single IP address.

Certificates volume growing, most enterprises considering PKI automation to reduce risks
2021-09-29 03:30

Nearly two-thirds of enterprises are concerned about how much time is spent managing certificates. The typical enterprise says as many as 1,200 of the certificates are actually unmanaged, and 47% say they frequently discover so-called "rogue" certificates.

How to create Let's Encrypt SSL certificates with acme.sh on Linux
2021-09-23 19:34

Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme.sh. Installing SSL certificates isn't difficult, but it's a process every Linux administrator will have to take on at some point in their career.

Hacked sites push TeamViewer using fake expired certificate alert
2021-09-20 20:15

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. Internet Information Services is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003.

How to utilize openssl in Linux to check SSL certificate details
2021-09-13 18:04

Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.

How to create locally signed SSL certificates with mkcert
2021-08-26 18:38

If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority; otherwise, you're not really giving those users much assurance.

Managing digital certificates still a challenge, automation lagging
2021-08-09 04:00

Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals. Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.