Security News

There are four primary myths about cloud-based PKI solutions and digital certificate lifecycle automation that have kept organizations from adopting such solutions. Eliminating the pain of manual digital certificate management requires dispelling these myths and learning how to maximize the benefits of today's cloud-based solutions using PKI best practices.

With Minister for the Cabinet Office Michael Gove expected to announce app-based "COVID status certificates," the UK's post-lockdown plan looks set to come under fierce attack. They join other campaign groups, including Liberty, in backing the statement: "We oppose the divisive and discriminatory use of COVID status certification to deny individuals access to general services, businesses or jobs."

An expired certificate has led to the repeated removal of linked American Express credit cards from user's Google Pay accounts. Starting yesterday, Google Pay users with linked American Express cards began receiving emails that Google removed their linked Amex card.

Users worldwide cannot connect to Pulse Secure VPN devices after a code signing certificate used to digitally sign and verify software components has expired. As employees return from the weekend, network admins have been reporting [1, 2, 3, 4] that users cannot connect to Pulse Secure VPN devices and access internal company resources.

HID Global announced the HID HydrantID Account Certificate Manager solution that eliminates manual, risk-prone processes for tracking, installing and renewing privately-issued as well as trusted Secure Socket Layer/Transport Layer Security certificates. "HydrantID ACM solves today's difficult digital certificate lifecycle management problems by providing one secure and convenient cloud-based platform for organizational teams to easily access private Certificate Authority services managed by HydrantID on their behalf," said Brad Jarvis, Senior Vice President & Managing Director, Identity & Access Management Business Area, with HID Global.

As internet standards groups look to boost trust and security through new requirements for shorter certificate lifecycles and online privacy acts introduce increasingly punitive regulatory mandates, the business risks of certificate management are only increasing. How the four pillars of certificate automation are shaping the next normal.

The Tor Project, the nonprofit developers of the Tor network and Tor Browser, have announced two exciting developments for onion services: affordable DV certificates for v3 onion sites from HARICA, and new, easy onion site setup guides. Onion sites are websites that are only accessible over the Tor network: you can spot them because they end in the TLD.onion.

Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products. CVE-2021-3450: An improper Certificate Authority certificate validation vulnerability which impacts both the server and client instances.

A report released Tuesday by threat intelligence firm Check Point Research explains how phony COVID-19 vaccine documents are selling on the Dark Web and how to avoid these fake documents. For individuals who don't have such a certificate or can't wait for a vaccine, the Dark Web is becoming home to fake documents, according to Check Point's analysis.

GLEIF has launched a CA Stakeholder Group to facilitate communication between GLEIF, CAs and TSPs from across the world, as they collectively aim to coordinate and encourage a global approach to LEI usage across digital identity products. The collaboration announcement follows news last year that ISO has standardized the process of embedding LEIs in digital certificates.