Security News

Let's Encrypt just announced an infrastructure makeover which means the open certificate authority is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in "Some of the worst scenarios." The upgrade comes a year after Let's Encrypt was compromised by a Certificate Authority Authorization bug and was forced to revoke 3 million Transport Layer Security certificates on a single day, March 4, potentially leaving the sites behind them insecure or unavailable.

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect, and Sync and Recover products with Microsoft 365 Exchange Web Services.

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 Exchange. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.

Email security company Mimecast has disclosed today that a "Sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. Earlier this month, BornCity reported that the 'Microsoft Root Authority' certificate in Microsoft's Trusted Root Certification Authorities was expiring at the end of the month, on 12/31/20.

Entrust announced that Entrust Certificate Manager is now available in the ServiceNow Store. With the Entrust Certificate Manager App for ServiceNow, users are able to manage their assets, configuration and digital identities in one place.

Manufacturers can now embed certificates on chipsets prior to and during manufacturing, or directly to an edge device, for complete end-to-end device security. IoT Device Manager is built on DigiCert ONE, which enables rapid, automated PKI deployment as a customer-managed, on-premises or cloud solution, or managed by DigiCert for any environment.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

DigiCert and Atea jointly announced a partnership to launch the new Atea Managed Certificate Service offering insight into certificate health, usage and endpoint vulnerabilities to ensure the best possible customer experience for secure communication. Delivered by Atea Managed Services and powered by core DigiCert CertCentral technology the new service includes the ability to automatically locate, identify, and track all certificates in use with 24/7 monitoring, management and renewals throughout any network and connected device environment.