Security news aggregator

Latest coverage for Certificates

Stay updated on certificate-related infosec topics, including SSL/TLS, PKI, and digital certificate management for robust cyber security.

16 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Digital certificates are electronic documents that verify the ownership of a public cryptographic key by an individual, organization, or device. Issued by trusted Certificate Authorities (CAs) within a Public Key Infrastructure (PKI), certificates enable secure communication by confirming identities and supporting encryption protocols like TLS. They include information such as the subject’s name, public key, issuer, validity period, and digital signature from the CA.

Security concerns with certificates focus on risks like CA compromise or fraudulent issuance, which can allow attackers to impersonate legitimate entities and intercept or alter encrypted traffic. Expired or revoked certificates may cause connection failures or be exploited if clients do not properly validate them. Effective certificate lifecycle management—including timely renewal, revocation checking (via CRLs or OCSP), and monitoring for unauthorized certificates—is essential to maintaining trust and preventing man-in-the-middle attacks or unauthorized access.

Volume over time

Weekly headline count for the current query.

Showing 16 most recent headlines Filtered view
Bank Info Security 6 months, 2 weeks ago

Why 47-Day TLS and SSL Certificate Renewal Cycles Alarm CIOs

Visibility Gaps Increase the Risk of Certificate-Driven OutagesMoving to 47-day TLS and SSL certificate renewal cycles by 2029 will turn certificate management into an enterprise risk. "Automation and crypto-governance are now board-level imperatives. Enterprises can prepare for continuous renewal cycles without losing resilience," says Sectigo CEO Kevin Weiss.

Bank Info Security 10 months, 4 weeks ago

Automation Alert Sounds as Certificates Set to Expire Faster

Maximum Validity of Public TLS Certificates Will Drop From 398 Days to Just 47 DaysThe future of managing digital certificates is already here - it's just not evenly distributed yet. With the public TLS certificate validity period set to drop to just 47 days, as well as the need to migrate to quantum-safe encryption, experts see automation as key to achieving crypto agility.

Real-Time, Deep Cryptographic Discovery Added to Certificate Automation PortfolioKeyfactor is acquiring CipherInsights and InfoSec Global in a move designed to shift cryptographic security earlier in the lifecycle. The acquisitions offer real-time and deep discovery capabilities to help customers identify and remediate cryptographic weaknesses ahead of quantum disruption.

Bank Info Security 1 year, 2 months ago

Zero Trust and Automation Crucial for Securing IoT Devices

Device Authority's Antill on Secure-by-Design and Continuous AuthenticationMany IoT devices were never designed with modern authentication - making them easy targets. Even when certificates are used for authentication, Darron Antill, CEO of Device Authority, points out that frequent expiration and limited visibility create operational and security risks over time.

Bank Info Security 1 year, 3 months ago

Medusa Ransomware Brings Its Own Vulnerable Driver

Hackers Use Stolen Certificates to Bypass Endpoint Detection and ResponseA Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.

PE Firm Takes Majority Stake to Drive Certificate Lifecycle Management InnovationPrivate equity firm Haveli has purchased a majority stake in AppViewX to scale globally, targeting automation in certificate lifecycle management and public key infrastructure. CEO Gregory Webb says the acquisition will fund international expansion and next-gen technology investments.

Google Designates Entrust 'Untrustworthy' After Years of 'Concerning Behaviors'What's the worst-case scenario for a certificate authority? Citing years of "concerning behaviors," Google and Mozilla are set to treat all new digital certificates issued with Entrust as "untrustworthy," and have urged users to obtain new certificates from a trusted CA.

Bank Info Security 1 year, 10 months ago

Florida Department of Health Informs RansomHub Hack Victims

Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen DataTwo months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.

Bank Info Security 2 years, 5 months ago

AnyDesk Confirms Systems Hacked, Triggers Password Reset

Company Says Problem Remediated, All Security-Related Certificates RevokedRemote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company's production systems in a cyberattack. The firm said it revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.

Bank Info Security 2 years, 5 months ago

AnyDesk Confirms Cyber Incident, Pushes Out Password Reset

Company Says Problem Remediated, All Security-Related Certificates RevokedRemote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company's production systems in a cyberattack. The firm said it revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.