Security News

How to create Let's Encrypt SSL certificates with acme.sh on Linux
2021-09-23 19:34

Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme. Installing SSL certificates isn't difficult, but it's a process every Linux administrator will have to take on at some point in their career.

How to utilize openssl in Linux to check SSL certificate details
2021-09-13 18:04

Learn tips on how you can use the Linux openssl command to find critical certificate details. It's important to not only keep an eye on upcoming SSL certificate expirations but to completely verify the success of renewing/replacing these certificates.

How to create locally signed SSL certificates with mkcert
2021-08-26 18:38

If you need to generate quick SSL certificates for test servers and services, mkcert might be the fastest option available. For anything in production, you'll be purchasing your SSL certificates from a certificate authority, otherwise, you're not really giving those users much assurance.

Microsoft Exchange admin portal blocked by expired SSL certificate
2021-05-23 19:21

The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. Starting at 8 AM EST today, Microsoft Exchange admins who attempted to access the admin portal at admin.

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
2021-02-07 14:31

The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has been patching in their products.

Mimecast discloses Microsoft 365 SSL certificate compromise
2021-01-12 10:33

Email security company Mimecast has disclosed today that a "Sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
2020-09-16 02:45

A group of researchers has detailed a new timing vulnerability in Transport Layer Security protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol to extract the shared secret key used for secure communications between two parties.

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
2020-09-01 09:51

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
2020-09-01 05:25

Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months. The lifespan of SSL/TLS certificates has shrunk significantly over the last decade.

How to enable SSL on Ubuntu Linux for testing
2020-05-15 20:00

When that software requires SSL, you can enable a snake oil SSL key for testing purposes. I cannot tell you how many times I've installed a web-based application for testing purposes, only to find that application requires SSL to function.