InfoSecBulletin Cybersecurity for mankind
Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements.
“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner,” Google’s Chrome security team said.
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
The tech giant announced that it will no longer trust TLS server authentication certificates from Entrust in Chrome browser versions 127 and higher by default. However, Chrome users and enterprise customers can override these settings if they want to.
Google stated that certificate authorities have an important role in ensuring secure connections between browsers and websites. They also criticized Entrust for not providing incident reports and failing to meet improvement commitments, which puts the internet at risk.
Blocking will occur on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome for iOS and iPadOSThe blocking action will affect Windows, macOS, ChromeOS, Android, and Linux versions of the browser. However, Chrome for iOS and iPadOS will not be affected because of Apple’s policies that prevent the use of the Chrome Root Store.
Users visiting a website with a certificate from Entrust or AffirmTrust will see a warning message about their connection not being secure or private.
Website operators need to switch to a trusted certificate authority by October 31, 2024 to avoid problems. Entrust’s website says that their solutions are trusted by big companies like Microsoft, Mastercard, VISA, and VMware.
“While website operators could delay the impact of blocking action by choosing to collect and install a new TLS certificate issued from Entrust before Chrome’s blocking action begins on November 1, 2024, website operators will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store,” Google said.
