Found 8 bookmarks
Custom sorting
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
#welivesecurity#EN#2025#CVE-2024-7344#UEFI#Secure#Boot#vulnerability#certificate
·welivesecurity.com·
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
Certificate Revocation Incident
Certificate Revocation Incident
DigiCert will be revoking certificates that did not have proper Domain Control Verification (DCV). Before issuing a certificate to a customer, DigiCert validates the customer’s control or ownership over the domain name for which they are requesting a certificate using one of several methods approved by the CA/Browser Forum (CABF). One of these methods relies on the customer adding a DNS CNAME record which includes a random value provided to them by DigiCert. DigiCert then does a DNS lookup for the domain and verifies the same random value, thereby proving domain control by the customer..
#digicert#EN#2024#Certificate#Revocation#Incident#DCV
·digicert.com·
Certificate Revocation Incident
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
Let’s Encrypt is proud to introduce Sunlight, a new implementation of a Certificate Transparency log that we built from the ground up with modern Web PKI opportunities and constraints in mind. In partnership with Filippo Valsorda, who led the design and implementation, we incorporated feedback from the broader transparency logging community, including the Chrome and TrustFabric teams at Google, the Sigsum project, and other CT log and monitor operators. Their insights have been instrumental in shaping the project’s direction.
#letsencrypt#EN#2024#transparency#Sunlight#Certificate
·letsencrypt.org·
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability.
#googleblog#EN#2023#Digital#Certificate#Security#Root#TrustCor#Distrust
·security.googleblog.com·
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability.
#googleblog#EN#2023#Digital#Certificate#Security#Root#TrustCor#Distrust
·security.googleblog.com·
Sustaining Digital Certificate Security - TrustCor Certificate Distrust