09-30-2021

Latest News in TLS/SSL: September 2021

Here is our latest news roundup of articles about network and TLS/SSL security. Click here to see the whole series..

TLS News

  • In September the number of web certificates in use surpassed 100 million for the first time. According to Netcraft, there were 100,323,811 valid certificates, an increase of 1.39% since August.
  • Apple is depreciating TLS 1.0 and 1.1 in both iOS and macOS. Currently, TLS 1.0 and 1.1 are not supported in iOS 15 and macOS 12, but all support will be removed in the future.
  • Let’s Encrypt’s root certificate, IdentTrust DST Root CA X3, expired Sept. 30. Any devices that do not trust the new the ISRG Root X1 root certificate will experience warnings on any sites with Let’s Encrypt certificates after Sept. 30.
  • The EFF announced plans to deprecate HTTPS Everywhere since HTTPS has been widely adopted.

Data breaches

Vulnerabilities

  • Apple released an emergency software update Sept. 13 for a vulnerability in iPhone, iPad, Apple Watches and Mac Computers that allowed an advanced form of spyware from NSO Group, an Israeli company.
  • An attacker released nearly 90,000 credential sets for FortiGate SSL VPN devices. Users should reset their passwords to protect against network attacks.

Government regulation

  • The U.S. Office of Management and Budget released a draft of the Federal Zero Trust Strategy, which will help move government agencies to a baseline of zero trust.
  • U.S. President Joe Biden issued security guidance for companies to curb cyberattacks, especially following the recent hacks on U.S. companies.

Malware

Digital Signatures

Internet of Things

  • A new report by DigitalEurope found that the Internet of Things is missing product legislation for cybersecurity and lacks monitoring throughout a product’s lifecycle. The researchers recommend that the EU Commission launches proposals for legislation as soon as possible.
UP NEXT

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

Featured Stories

VMC Blog Featured Image

Getting Your Logo in Your User's Inbox: Tips Learned from the VMC Gmail Pilot

What Makes Digital Signatures Secure

How Vaccine Passports Could Change Digital Identity