Security News
Microsoft has released the KB5008295 out-of-band update to address Windows 11 issues while opening or using some built-in apps and features due to an expired Microsoft digital certificate. "Devices directly connected to Windows Update and Windows Update for Business should be offered and automatically install KB5008295 to resolve the issues," Microsoft explained.
Apple fixes security feature bypass in macOSApple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers. Good security habits: Leveraging the science behind how humans develop habitsIn this interview with Help Net Security, George Finney, CSO at Southern Methodist University, explains what good security habits are, how to successfully implement them and why are they important.
With the National Security Agency recently issuing guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol Attacks techniques, it has many organizations and enterprise leaders wondering: What are the odds of a wildcard certificate being compromised and/or leading to serious consequences, and how can this prevented? Before IT leaders can truly respond to and mitigate wildcard certificate security risks - and manage wildcard certificates - it's essential to first understand what wildcard certificates are and why it's a common, flexible and helpful, but risky certificate.
In a document released last week, the agency provides mitigations against the risks that come with the use of wildcard certificates. A wildcard digital certificate can be used with multiple subdomains on the same domain, so it can cover multiple servers, while a multi-domain certificate is used for multiple domains on a single IP address.
Nearly two-thirds of enterprises are concerned about how much time is spent managing certificates. The typical enterprise says as many as 1,200 of the certificates are actually unmanaged, and 47% say they frequently discover so-called "Rogue" certificates.
Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme. Installing SSL certificates isn't difficult, but it's a process every Linux administrator will have to take on at some point in their career.
Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. Internet Information Services is Microsoft Windows web server software included with all Windows versions since Windows 2000, XP, and Server 2003.
Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority, otherwise, you're not really giving those users much assurance.
Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals. Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.