Microsoft's Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. In other words, update those PCs soon.
Stay updated on certificate-related infosec topics, including SSL/TLS, PKI, and digital certificate management for robust cyber security.
Search across headline titles and summaries.
Background for this topic.
Digital certificates are electronic documents that verify the ownership of a public cryptographic key by an individual, organization, or device. Issued by trusted Certificate Authorities (CAs) within a Public Key Infrastructure (PKI), certificates enable secure communication by confirming identities and supporting encryption protocols like TLS. They include information such as the subject’s name, public key, issuer, validity period, and digital signature from the CA.
Security concerns with certificates focus on risks like CA compromise or fraudulent issuance, which can allow attackers to impersonate legitimate entities and intercept or alter encrypted traffic. Expired or revoked certificates may cause connection failures or be exploited if clients do not properly validate them. Effective certificate lifecycle management—including timely renewal, revocation checking (via CRLs or OCSP), and monitoring for unauthorized certificates—is essential to maintaining trust and preventing man-in-the-middle attacks or unauthorized access.
Weekly headline count for the current query.
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. In other words, update those PCs soon.
Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to one-tenth their previous size, decreasing latency and adding transparency.
The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.
Security researchers say multiple threat groups, including Iran's Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company.
The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.
ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.
With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.
The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.
A Kentucky man used stolen doctor credentials to fake his own death certificate to avoid paying a six-figure child support debt.
Latest version of CSA’s Cloud Security Knowledge Certificate provides a comprehensive catalog of the essential skills cybersecurity professionals need to master.
CyberArk's $1.54 billion agreement to buy Venafi is a sign of how human and machine identities will converge with certificate lifecycle management.
The acquisition gives CyberArk new IoT identity and certificate lifecycle management, cryptographic code-signing, and other services to secure the enterprise cloud.
Production systems at the remote access company were breached, leading AnyDesk to revoke code signing certificate and reset Web portal credentials as part of its incident response.
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.