July 31, 2024 at 06:36AM DigiCert is revoking TLS certificates due to a domain validation issue, affecting websites, applications, and services. The company needs to revoke certificates within 24 hours due to strict CA/Browser Forum rules. The issue was related to validating domain ownership using a DNS CNAME record. Roughly 0.4% of domain validations were … Read more
May 1, 2024 at 10:15AM Google proposed a 90-day limit for digital certificate lifespans, which would significantly impact enterprise certificate management. While this move aims to improve cybersecurity and prepare for quantum-proof certificates, it will also increase complexity for enterprises. Venafi has introduced a 90-Day TLS Readiness solution to automate and manage the transition effectively. … Read more
February 29, 2024 at 06:08AM The SolarWinds attack involved the use of “Golden SAML” technique to forge SAML response tokens and gain access to enterprise networks. Researchers at Semperis have now identified a new version called “Silver SAML,” which does not require access to ADFS and can work with Microsoft Entra ID and other identity … Read more