Jul 31, 2024Ravie LakshmananWeb Security / Compliance Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper … [Read more...] about DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight
certificates
Google to Block Entrust Certificates in Chrome Starting November 2024
Jun 29, 2024NewsroomCybersecurity / Website Security Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several years, publicly disclosed … [Read more...] about Google to Block Entrust Certificates in Chrome Starting November 2024
Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report … [Read more...] about Hackers Sign Android Malware Apps with Compromised Platform Certificates
New BLISTER Malware Using Code Signing Certificates to Evade Detection
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware … [Read more...] about New BLISTER Malware Using Code Signing Certificates to Evade Detection
Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days).In a move that's meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) … [Read more...] about Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today