Security News

GLEIF CA Stakeholder Group accelerates integration of LEIs in digital certificates
2021-03-15 01:30

GLEIF has launched a CA Stakeholder Group to facilitate communication between GLEIF, CAs and TSPs from across the world, as they collectively aim to coordinate and encourage a global approach to LEI usage across digital identity products. The collaboration announcement follows news last year that ISO has standardized the process of embedding LEIs in digital certificates.

Recent Google Voice outage caused by expired certificates
2021-02-28 14:25

In an incident report published on Friday, Google said that a Google Voice outage affecting a majority of the telephone service's users earlier this month was caused by expired TLS certificates. During regular operation, voice calls made through Google Voice are controlled using the Session Initiation Protocol, with client devices immediately retrying their connection to the service once it breaks.

Google Voice silenced by expired TLS certificate in February outage
2021-02-28 14:25

In an incident report published on Friday, Google said that a Google Voice outage affecting a majority of the telephone service's users earlier this month was caused by expired TLS certificates. During regular operation, voice calls made through Google Voice are controlled using the Session Initiation Protocol, with client devices immediately retrying their connection to the service once it breaks.

Let’s Encrypt Gears Up to Replace 200M Certificates a Day
2021-02-16 21:47

Let's Encrypt just announced an infrastructure makeover which means the open certificate authority is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in "Some of the worst scenarios." The upgrade comes a year after Let's Encrypt was compromised by a Certificate Authority Authorization bug and was forced to revoke 3 million Transport Layer Security certificates on a single day, March 4, potentially leaving the sites behind them insecure or unavailable.

Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack
2021-01-13 12:03

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect, and Sync and Recover products with Microsoft 365 Exchange Web Services.

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365
2021-01-13 00:41

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 Exchange. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack
2021-01-12 18:35

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.

Mimecast discloses Microsoft 365 SSL certificate compromise
2021-01-12 10:33

Email security company Mimecast has disclosed today that a "Sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

Microsoft: Don't delete Windows 10 root certificate expiring this month
2020-12-22 13:29

A Microsoft root certificate is expiring at the end of this month, and Microsoft warns that removing it could cause problems with the operating system. Earlier this month, BornCity reported that the 'Microsoft Root Authority' certificate in Microsoft's Trusted Root Certification Authorities was expiring at the end of the month, on 12/31/20.

Entrust Certificate Manager now available in the ServiceNow Store
2020-12-18 01:15

Entrust announced that Entrust Certificate Manager is now available in the ServiceNow Store. With the Entrust Certificate Manager App for ServiceNow, users are able to manage their assets, configuration and digital identities in one place.