Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap

Emsisoft urges its users to update anti-malware and other security products after signing them with an improperly issued digital certificate.
The post Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap appeared first on S… Continue reading Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap

Understanding Certificate Policies and Practice Statements

Public key infrastructure (PKI) is the sort of technology that most users take for granted. They use it every day in a variety of ways but most don’t even realize it. PKI manages the digital certificates that encrypt sensitive data, secures web browsi… Continue reading Understanding Certificate Policies and Practice Statements

Keyfactor to Acquire PrimeKey to Advance Certificate Automation

Keyfactor announced this week announced it intends to acquire PrimeKey as part of an effort to enable organizations to more easily manage certificates on an end-to-end basis. The company also revealed it has raised an additional $125 million in fundin… Continue reading Keyfactor to Acquire PrimeKey to Advance Certificate Automation

Mimecast confirms SolarWinds attackers breached security certificate, ‘potentially exfiltrated’ credentials

Email security firm Mimecast on Tuesday confirmed that the hackers behind the SolarWinds espionage campaign compromised a software certificate the firm uses to secure connections to Microsoft cloud services. The revelation underscores how deeply embedded the suspected Russian hackers have been in major technology companies as part of a campaign that has also breached multiple U.S. federal agencies. The hackers may have exfiltrated “certain encrypted service account credentials created by customers hosted” in the U.S. and the U.K., the new Mimecast statement reveals. The company said it wasn’t aware of the hackers decrypting or abusing any of the stolen credentials. But it still told its U.S. and U.K.-hosted customers to reset their credentials as a precaution. Mimecast, which says it has 39,000 customers around the world, offers an attractive target for spies looking to burrow into high-value organizations. A stolen software certificate of this type could allow an intruder to […]

The post Mimecast confirms SolarWinds attackers breached security certificate, ‘potentially exfiltrated’ credentials appeared first on CyberScoop.

Continue reading Mimecast confirms SolarWinds attackers breached security certificate, ‘potentially exfiltrated’ credentials

Mimecast breach investigators probe possible SolarWinds connection

Mimecast, a global email security provider, on Tuesday said that one of its software security certificates had been breached by a “sophisticated threat actor” in a targeted operation to access customer emails. London-based Mimecast has a sprawling footprint, claiming some 39,000 customers around the world. The company said 10% of its customers use the particular software implementation involved in the breach, adding that attackers apparently targeted “a low single-digit number” of customers. The illicit access would have allowed attackers to spy on Mimecast clients. The hackers’ methods, and the fact that they targeted Microsoft’s cloud-based email services, have parallels with a suspected Russian hacking campaign that has used tainted software made by contractor SolarWinds to breach multiple U.S. government agencies. A person familiar with the matter told CyberScoop that investigators are examining whether the same attackers who breached SolarWinds also infiltrated Mimecast, a detail first reported by Reuters. “As a […]

The post Mimecast breach investigators probe possible SolarWinds connection appeared first on CyberScoop.

Continue reading Mimecast breach investigators probe possible SolarWinds connection

Let’s Encrypt Will Stop Working For Older Android Devices

Let’s Encrypt was founded in 2012, going public in 2014, with the aim to improve security on the web. The goal was to be achieved by providing free, automated access to SSL and TLS certificates that would allow websites to make the switch over to HTTPS without having to spend …read more

Continue reading Let’s Encrypt Will Stop Working For Older Android Devices

What is Certificate Lifecycle Management?

Using X.509 digital certificates for authentication is an immediate and significant upgrade to credential (password) authentication, but it requires proper support infrastructure. Certificate Lifecycle Management systems (CLM/CLMS), also called Certifi… Continue reading What is Certificate Lifecycle Management?