#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Lets Encrypt | Breaking Cybersecurity News | The Hacker News

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
Mar 04, 2020
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before issuing new TLS certificates. As a result, the bug opened up a scenario where a certificate could be issued even without adequately validating the holder's control of a domain name. The Certification Authority Authorization (CAA), an internet security policy, allows domain name holders to indicate to certificate authorities (CAs) whether or not they are authorized to issue digital certificates for a specific domain name. Let's Encrypt considers domain validation results good only for 30 days from the time of validation, after which it rechecks the CAA record authorizing t

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain
Apr 09, 2016
Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure. WordPress – free, open source and the most popular a content management system (CMS) system on the Web – is being used by over a quarter of all websites across the world, and this new move represents a massive shift over to a more secure Internet WordPress announced on Friday that it has partnered with the Electronic Frontier Foundation's " Let's Encrypt " project, allowing it to provide reliable and free HTTPS support for all of its customers that use custom domains for their WordPress.com blogs. Now every website hosted on wordpress.com has an SSL certificate and will display a green lock in the address bar. "For you, the users, that means you'll see secure encryption automatically deployed on ev

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

More than 1 Million Websites Install Free SSL Certificate (and Counting...)

More than 1 Million Websites Install Free SSL Certificate (and Counting...)
Mar 09, 2016
Let's Encrypt has achieved another big milestone by issuing 1 million free Transport Layer Security (TLS) SSL Certificates to webmasters who wish to secure the communications between their users and domains. Let's Encrypt   – operated by the Internet Security Research Group (ISRG) – is an absolutely free, and open source certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. It is just three months and five days since Let's Encrypt launched a beta version of the service, and the group has crossed 1 Million certificates in use across the Web, Let's Encrypt said in a blog post on Tuesday. Let's Encrypt allows anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers. Backed by companies including EFF, Akamai and Mozilla, the Let's Encrypt project started offering Free HTTPS certs to everyone fro

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

How to Install Let's Encrypt Free SSL Certificate On Your Website

How to Install Let's Encrypt Free SSL Certificate On Your Website
Dec 04, 2015
Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS ( Secure Socket Layer/Transport Layer Security ) certificates for their web servers and to set up HTTPS websites in a few simple steps ( mentioned below ). Let's Encrypt – an initiative run by the Internet Security Research Group (ISRG) – is a new, free, and open certificate authority recognized by all major browsers , including Google's Chrome, Mozilla's Firefox and Microsoft's Internet Explorer. The Free SSL Certification Authority is now in public beta after testing a trial among a select group of volunteers. Why Let's Encrypt? Let's Encrypt promised to offer a certificate authority (CA) which is: Free – no charge for HTTPS certs. Automatic – the installation, configuration as well as the renewal of the certificates do not require any administrator a

Let's Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers

Let's Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers
Oct 21, 2015
Yes, Let's Encrypt is now one step closer to its goal of offering Free HTTPS certificates to everyone. Let's Encrypt  – the free, automated, and open certificate authority (CA) – has announced that its Free HTTPS certificates are Now Trusted and Supported by All Major Browsers . Let's Encrypt enables any website to protect its users with free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates that encrypt all the Internet traffic passed between a site and users. Not only free, but the initiative also makes HTTPS implementation easier for all website or online shopping site owner to ensure its users that their browser activities and transactions are safe from snoopers. Let's Encrypt issued its first free HTTPS certificate last month and was working with other major browsers to recognize its certificate as a trusted authority. Let's Encrypt achieved a New Milestone Let's Encrypt has received cross-signatures from SSL

Let's Encrypt Project issues its First Free SSL/TLS Certificate

Let's Encrypt Project issues its First Free SSL/TLS Certificate
Sep 16, 2015
Last fall the non-profit foundation EFF ( Electronic Frontier Foundation ) launched an initiative called Let's Encrypt that aimed at providing Free Digital Cryptographic Certificates (TLS) to any website that needs them. Today, Let's Encrypt – a free automated Open-source Certificate Authority (CA) – has signed its first certificate, hitting what it calls a major milestone to encrypt all of the Web. Let's Encrypt enables any Internet site to protect its users with free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates that encrypt all the data passed between a website and users. Not just free, but the initiative also makes HTTPS implementation easier for any website or online shopping site owner in order to ensure the security of their customers' data. "Forget about hours (or sometimes days) of muddling through complicated programming to set up encryption on a website, or yearly fees," EFF explains . "Let's Encr

Free Encryption Project to issue First SSL/TLS Certificates Next Month

Free Encryption Project to issue First SSL/TLS Certificates Next Month
Jun 19, 2015
Let's Encrypt , a project aimed to provide free-of-charge and easier-to-implement way to obtain and use a digital cryptographic certificates (SSL/TLS) to secure HTTPS website, is looking forward to issue its first digital certificates next month. With Let's Encrypt , any webmaster interested in implementing HTTPS for their services can get the certificates for free, which is a great move for encouraging people to encrypt their users' connections to their websites. Let's Encrypt is a combined effort of digital-era rights advocate Electronic Frontier Foundation (EFF), Mozilla Foundation , Cisco Systems , Internet content distributor Akamai Technologies , certificate provider IdenTrust and researchers from the University of Michigan . Generally, the process of implementation of an SSL certificate, including the need to obtain and install a certificate, is complicated for most web developers as it sounds. In most cases, the cost related issues force web adm

Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015

Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015
Dec 16, 2014
Google is ready to give New Year gift to the Internet users, who are concerned about their privacy and security. The Chromium Project's security team has marked all HTTP web pages as insecure and is planning to explicitly and actively inform users that HTTP connections provide no data security protections. There are also projects like Let's Encrypt , launched by the non-profit foundation EFF (Electronic Frontier Foundation) in collaboration with big and reputed companies including Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for those running servers on the Internet at the beginning of 2015. This is not the first time when Google is taking initiative to encourage website owners to switch to HTTPS by default. Few months ago, the web Internet giant also made changes in its search engine algorithm in an effort to give a slight ranking boost to the websites that use encrypted HTTPS connections. "We, the Chrome Security Team, propose that
Cybersecurity Resources