Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
Stay updated on certificate-related infosec topics, including SSL/TLS, PKI, and digital certificate management for robust cyber security.
Search across headline titles and summaries.
Background for this topic.
Digital certificates are electronic documents that verify the ownership of a public cryptographic key by an individual, organization, or device. Issued by trusted Certificate Authorities (CAs) within a Public Key Infrastructure (PKI), certificates enable secure communication by confirming identities and supporting encryption protocols like TLS. They include information such as the subject’s name, public key, issuer, validity period, and digital signature from the CA.
Security concerns with certificates focus on risks like CA compromise or fraudulent issuance, which can allow attackers to impersonate legitimate entities and intercept or alter encrypted traffic. Expired or revoked certificates may cause connection failures or be exploited if clients do not properly validate them. Effective certificate lifecycle management—including timely renewal, revocation checking (via CRLs or OCSP), and monitoring for unauthorized certificates—is essential to maintaining trust and preventing man-in-the-middle attacks or unauthorized access.
Weekly headline count for the current query.
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
Microsoft has revoked over 200 fraudulent code-signing certificates used in a ransomware campaign involving fake Teams installers by threat group Vanilla Tempest
CA/Browser Forum members have voted in favor of shortening TLS/SSL certificate lifespans to 47 days
The move follows a series of reported compliance failures and lack of progress in addressing publicly disclosed incidents
Attempts can lead to unauthorized access to important company resources
Lookout attributed WyrmSpy and DragonEgg to APT41 due to overlapping Android signing certificates
One of them, CVE-2023-37201, involved a use-after-free issue in WebRTC certificate generation
Attempt to trick network defenders into allow-listing remote access app
Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom
Free certificate authority serves over 300 million websites
According to Symantec, the targeting of a certificate authority was notable
The group is characterized by the use of a stolen digital certificate issued by DEEPSoft