Security News
No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses,...
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and...
76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. 81% of security leaders believe Google's proposed plans to shorten TLS certificate lifespans from 398 days to 90 days will amplify existing challenges they have around managing certificates.
Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority following what it says was a protracted period of compliance failures. Entrust has apologized to Google, Mozilla, and the wider web community, outlining its plans to regain the trust of browsers, but these appear to be unsatisfactory to both Google and Mozilla.
DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. DigiCert is one of the prominent certificate authorities that provides SSL/TLS certificates, including Domain Validated, Organization Validated, and Extended Validation certificates.
Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. Google started testing the post-quantum secure TLS key encapsulation mechanism in August and has now enabled it in the latest Chrome version for all users.
Announced last year, Google's proposal to reduce the lifespan of TLS certificates from 13 months to 90 days could be implemented in the near future. As a result, the new 90-day TLS certificate lifespan proposed by Google will have far-reaching impacts on three areas of corporate IT: DevOps, security and operations.
The suspected man-in-the-middle attack was identified when the administrator of jabber. Ru, the largest Russian XMPP service, received a notification that one of the servers' certificates had expired.
Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows. SQL Server 2008 R2 finally dropped out of Extended Security Updates in July, although Microsoft has published instructions for adding TLS 1.2 support.
Microsoft reminded users that insecure Transport Layer Security 1.0 and 1.1 protocols will be disabled soon in future Windows releases. The original TLS 1.0 specification and its TLS 1.1 successor have been used for nearly two decades, with TLS 1.0 initially introduced in 1999 and TLS 1.1 in 2006).