Security News
If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority, otherwise, you're not really giving those users much assurance.
Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in the U.S. and the UK conducted by Opinium reveals. Most companies rely on digital certificates and digital signatures, but the methods being utilized to manage the technology still leave plenty of room for error and improvement.
Paired with the required DMARC enforcement, VMCs are a critical step in a series of security measures that help strengthen email security, build trust in the inbox and help users associate the brand logo with the company they expect to communicate with. "With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently."
Google Cloud on Monday announced that its Certificate Authority Service is now generally available. The Google Cloud Certificate Authority Service, for which a public preview was announced in October 2020, is designed to help organizations "Simplify, automate, and customize the deployment, management, and security of private certificate authorities."
An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast. A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.
In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia's major certificate authorities, to backdoor its installer software with Cobalt Strike binaries. Avast's investigation into the incident began after it discovered the backdoored installer and the implant on one of its customers' systems.
A recent Microsoft Teams update is causing a "Select a certificate" prompt to be displayed to Teams users before they can use the software. Microsoft has acknowledged the bug and is tracking the issue under the 'TM261228' advisory, where they state a recent update to the software is causing the problem.
The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. Starting at 8 AM EST today, Microsoft Exchange admins who attempted to access the admin portal at admin.
There are four primary myths about cloud-based PKI solutions and digital certificate lifecycle automation that have kept organizations from adopting such solutions. Eliminating the pain of manual digital certificate management requires dispelling these myths and learning how to maximize the benefits of today's cloud-based solutions using PKI best practices.
With Minister for the Cabinet Office Michael Gove expected to announce app-based "COVID status certificates," the UK's post-lockdown plan looks set to come under fierce attack. They join other campaign groups, including Liberty, in backing the statement: "We oppose the divisive and discriminatory use of COVID status certification to deny individuals access to general services, businesses or jobs."