#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Lets Encrypt | Breaking Cybersecurity News | The Hacker News

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

Mar 04, 2020
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name. The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name. Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record authorizing t
WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

Apr 09, 2016
Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure. WordPress – free, open source and the most popular a content management system (CMS) system on the Web – is being used by over a quarter of all websites across the world, and this new move represents a massive shift over to a more secure Internet WordPress announced on Friday that it has partnered with the Electronic Frontier Foundation's " Let's Encrypt " project, allowing it to provide reliable and free HTTPS support for all of its customers that use custom domains for their WordPress.com blogs. Now every website hosted on wordpress.com has an SSL certificate and will display a green lock in the address bar. "For you, the users, that means you'll see secure encryption automatically deployed on ev
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
More than 1 Million Websites Install Free SSL Certificate (and Counting...)

More than 1 Million Websites Install Free SSL Certificate (and Counting...)

Mar 09, 2016
Let's Encrypt has achieved another big milestone by issuing 1 million free Transport Layer Security (TLS) SSL Certificates to webmasters who wish to secure the communications between their users and domains. Let's Encrypt   – operated by the Internet Security Research Group (ISRG) – is an absolutely free, and open source certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. It is just three months and five days since Let's Encrypt launched a beta version of the service, and the group has crossed 1 Million certificates in use across the Web, Let's Encrypt said in a blog post on Tuesday. Let's Encrypt allows anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers. Backed by companies including EFF, Akamai and Mozilla, the Let's Encrypt project started offering Free HTTPS certs to everyone fro
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
How to Install Let's Encrypt Free SSL Certificate On Your Website

How to Install Let's Encrypt Free SSL Certificate On Your Website

Dec 04, 2015
Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers and to set up HTTPS websites in a few simple steps ( mentioned below ). Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers. Why Let's Encrypt? Let's Encrypt promised to offer a certificate authority (CA) which is: Free – no charge for HTTPS certs. Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator a
Let's Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers

Let's Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers

Oct 21, 2015
Yes, Let's Encrypt is now one step closer to its goal of offering Free HTTPS certificates to everyone. Let's Encrypt  – the free, automated, and open certificate authority (CA) – has announced that its Free HTTPS certificates are Now Trusted and Supported by All Major Browsers . Let's Encrypt enables any website to protect its users with free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates that encrypt all the Internet traffic passed between a site and users. Not only free, but the initiative also makes HTTPS implementation easier for all website or online shopping site owner to ensure its users that their browser activities and transactions are safe from snoopers. Let's Encrypt issued its first free HTTPS certificate last month and was working with other major browsers to recognize its certificate as a trusted authority. Let's Encrypt achieved a New Milestone Let's Encrypt has received cross-signatures from SSL
Let's Encrypt Project issues its First Free SSL/TLS Certificate

Let's Encrypt Project issues its First Free SSL/TLS Certificate

Sep 16, 2015
Last fall the non-profit foundation EFF ( Electronic Frontier Foundation ) launched an initiative called Let's Encrypt that aimed at providing Free Digital Cryptographic Certificates (TLS) to any website that needs them. Today, Let's Encrypt – a free automated Open-source Certificate Authority (CA) – has signed its first certificate, hitting what it calls a major milestone to encrypt all of the Web. Let's Encrypt enables any Internet site to protect its users with free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates that encrypt all the data passed between a website and users. Not just free, but the initiative also makes HTTPS implementation easier for any website or online shopping site owner in order to ensure the security of their customers' data. "Forget about hours (or sometimes days) of muddling through complicated programming to set up encryption on a website, or yearly fees," EFF explains . "Let's Encr
Free Encryption Project to issue First SSL/TLS Certificates Next Month

Free Encryption Project to issue First SSL/TLS Certificates Next Month

Jun 19, 2015
Let's Encrypt , a project aimed to provide free-of-charge and easier-to-implement way to obtain and use a digital cryptographic certificates (SSL/TLS) to secure HTTPS website, is looking forward to issue its first digital certificates next month. With Let's Encrypt , any webmaster interested in implementing HTTPS for their services can get the certificates for free, which is a great move for encouraging people to encrypt their users' connections to their websites. Let's Encrypt is a combined effort of digital-era rights advocate Electronic Frontier Foundation (EFF), Mozilla Foundation , Cisco Systems , Internet content distributor Akamai Technologies , certificate provider IdenTrust and researchers from the University of Michigan . Generally, the process of implementation of an SSL certificate, including the need to obtain and install a certificate, is complicated for most web developers as it sounds. In most cases, the cost related issues force web adm
Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015

Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015

Dec 16, 2014
Google is ready to give New Year gift to the Internet users, who are concerned about their privacy and security. The Chromium Project's security team has marked all HTTP web pages as insecure and is planning to explicitly and actively inform users that HTTP connections provide no data security protections. There are also projects like Let's Encrypt , launched by the non-profit foundation EFF (Electronic Frontier Foundation) in collaboration with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the Internet at the beginning of 2015. This is not the first time when Google is taking initiative to encourage website owners to switch to HTTPS by default. Few months ago, the web Internet giant also made changes in its search engine algorithm in an effort to give a slight ranking boost to the websites that use encrypted HTTPS connections. "We, the Chrome Security Team, propose that
Cybersecurity Resources