-
SSL/TLS certificate lifespans reduced to 47 days by 2029
The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029.
- April 14, 2025
- 01:49 PM
4
-
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
- October 31, 2024
- 11:11 AM
1
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Norway recommends replacing SSL VPN to prevent breaches
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
- May 16, 2024
- 03:07 PM
- 1
-
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices, tracked as CVE-2023-27997.
- June 11, 2023
- 11:43 AM
- 0
-
CloudPanel installations use the same SSL certificate private key
Self-hosted web administration solution CloudPanel was found to have several security issues, including using the same SSL certificate private key across all installations and unintentional overwriting of firewall rules to default to weaker settings.
- March 23, 2023
- 11:56 AM
- 0
-
Microsoft WinGet package manager failing from expired SSL certificate
Microsoft's WinGet package manager is currently having problems installing or upgrading packages after WinGet CDN's SSL/TLS certificate expired.
- February 11, 2023
- 11:37 PM
- 1
-
Let's Encrypt is revoking lots of SSL certificates in two days
Let's Encrypt will begin revoking certain SSL/TLS certificates issued within the last 90 days starting January 28, 2022. The move could impact millions of active Let's Encrypt certificates.
- January 26, 2022
- 05:38 AM
- 0
-
Firefox users can't reach Microsoft.com — here's what to do
Those using the Mozilla Firefox web browser are left unable to access Microsoft.com domain. Tests by BleepingComputer confirm the issue relates to SSL certificate validation errors. Below we explain what can you do to remedy the issue.
- December 16, 2021
- 03:15 AM
- 6
-
Microsoft Exchange admin portal blocked by expired SSL certificate
The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website.
- May 23, 2021
- 03:21 PM
- 0
-
OpenSSL fixes severe DoS, certificate validation vulnerabilities
OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450).
- March 25, 2021
- 12:44 PM
- 0
-
Mimecast discloses Microsoft 365 SSL certificate compromise
Email security company Mimecast has disclosed today that a "sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services.
- January 12, 2021
- 10:33 AM
- 0
-
DHS-CISA urges admins to patch OpenSSL DoS vulnerability
This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately.
- December 09, 2020
- 12:25 PM
- 0
-
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
Thousands of domains, including those belonging to high street banks and government organizations are vulnerable to a critical Path Traversal flaw in Fortinet SSL VPN.
- November 22, 2020
- 11:40 AM
- 0
-
GitHub breaks site layout after forgetting to renew certificate
This morning, GitHub's pristine layout vanished in what looks like a miss on the company's part in renewing an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from loading correctly on GitHub.
- November 02, 2020
- 04:31 PM
- 1
-
Mac users unable to print after Apple revoked HP certificate
Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers. The result is print drivers being mistaken for malware.
- October 27, 2020
- 04:24 PM
- 3
-
You have two days left to purchase 2-year TLS/SSL certificates
If you are looking to purchase a 2-year TLS or SSL certificate, you have only two days left before all new certificates will have a maximum 397 day validity period.
- August 30, 2020
- 02:37 PM
- 0
-
Expiring SSL certs expected to break smart TVs, fridges, and IoTs
On May 30th, select Roku streaming channels stopped working, leaving impacted customers clueless with no idea what was wrong.
- June 10, 2020
- 05:46 PM
- 2
-
NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks
The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products.
- November 19, 2019
- 05:26 PM
- 0
-
Microsoft Shares Solutions for Windows TLS Failures, Timeouts
Microsoft has acknowledged a new issue affecting several Windows versions that could lead to Transport Layer Security (TLS) and Secure Sockets Layer (SSL) connections intermittently failing or getting timed out.
- October 31, 2019
- 03:41 PM
- 0
-
Chrome and Firefox Changes Spark the End of EV Certificates
Upcoming changes in Google Chrome and Mozilla Firefox may finally spark the end for Extended Validation certificates as the browsers plan to do away with showing a company's name in the address bar.
- August 14, 2019
- 06:00 PM
- 1
