Qantas data breach could affect 6 million customers https://www.helpnetsecurity.com/2025/07/02/qantas-cyber-incident-data-breach/ #ClosedDoorSecurity #socialengineering #databreach #Don'tmiss #Australia #Hotstuff #Entrust #Qantas #News #FBI

Qantas data breach could affect 6 million customers https://www.helpnetsecurity.com/2025/07/02/qantas-cyber-incident-data-breach/ #ClosedDoorSecurity #socialengineering #databreach #Don'tmiss #Australia #Hotstuff #Entrust #Qantas #News #FBI
Wave of tech layoffs leads to more job scams https://www.helpnetsecurity.com/2025/05/08/job-employment-scams/ #cybersecurity #Malwarebytes #CrowdStrike #cybercrime #Don'tmiss #Entrust #scams #News #tips #FTC
Infosec products of the month: April 2025 https://www.helpnetsecurity.com/2025/05/02/infosec-products-of-the-month-april-2025/ #ArcticWolfNetworks #RunSafeSecurity #SkyhawkSecurity #CatoNetworks #IndexEngines #SealSecurity #StellarCyber #Bitdefender #Seemplicity #AbnormalAI #Flashpoint #PowerDMARC #1touch.io #Forescout #AppViewX #BitSight #Bugcrowd #LastPass #PlexTrac #Swimlane #Veracode #CyberQP #Entrust #Exabeam #Saviynt #Varonis #Cyware #News #Jit
@kde@floss.social @kde@lemmy.kde.social
"Speaking of accessibility, the accessibility of the main view of Dolphin was completely overhauled to make it work with screen readers. This work was funded by NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme"
https://invent.kde.org/system/dolphin/-/merge_requests/837
Thanks KDE and @NGIZero !
@hlindqvist : the most important problem by far is that browser users do not know who is responsible for a website with a given domain name. This enormously exacerbates the phishing problem.
The main reason why I mention the mis-issued certs is that Google et al. kept complaining about mis-issued OV and EV certs, and insisted that QWAC's would be mis-issued to governments for spying purposes; DV-certs would be safe.
Google is now even destroying Entrust because of mis-issuance (https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html - not that I have any opinion about Entrust, but GTS = Google "Trust" services issues certs to cybercriminals all the time).
Apparently there are no penalties for mis-issuing DV certs, or issuing them to cybercriminals - in particular when they use domain names clearly intended for phishing purposes. That *could* be a legitimate choice, but then users should be made aware what type of cert a website uses, in order to have necessarily trustworthy websites return to using more trustworthy certificates.
We are being lied to that DV-certs are fine. They are not. Not only because the domain owner is anonymous and users see no difference between websites with DV vs more usable certs, but now there's plenty of proof that DV certs get mis-issued as well.
A DV cert may be fine for your home NAS, but as long as people cannot distinguish between websites with untrustworthy versus more trustworthy certs, cybercrime will continue to flourish - and probably become an even bigger problem.
On this insanely insecure internet, the EU wants their citizens to start using EDIW's (European Digital Identity Wallet).
It's primarily in your own interest if websites that demand that you authenticate using EDIW *are" trustworthy. If you have no way to know, they may AitM you to authenticate *them* as *you* on some other website. They'll be able to get credit cards registered on *your* name (highly trustworthy because of EDIW), but THEY will be draining that credit card. Good luck with proving "it wasn't me".
Three important facts that are often overlooked:
1) The easier impersonation is, the less reliable authentication is.
2) Authentication mandates that BOTH parties are reliable.
3) It is extremely hard, if not impossible, to overestimate the risks of AitM attacks.
New Chrome Security Rules—Google Gives Websites Until 11/1 To Comply
Google to Block Entrust Certificates in Chrome Starting November 2024
https://thehackernews.com/2024/06/google-to-block-entrust-certificates-in.html #Webbrowser #Browser #Chrome #Entrust #Certificates
Google Chrome: Warum Nutzer bald diese Warnung sehen
https://t3n.de/news/google-chrome-entrust-vertrauenszertifikat-1633008/ #Webbrowser #Browser #Chrome #Zertifizierungsstelle #Entrust
Before October 2024 run this query on shodan:
ssl.cert.issuer.cn:Entrust ssl.cert.subject.cn:your commonname
Then get a Let's Encrypt certificate (and don't forget to support them).
Google will no longer trust certificates from two large security firms — Entrust or AffirmTrust — due to repeated security lapses.
#google #security #certificates #entrust #affirmtrust
https://tchlp.com/Og0znU
Google will no longer trust certificates from two large security firms — Entrust or AffirmTrust — due to repeated security lapses.
#google #security #certificates #entrust #affirmtrust
https://tchlp.com/Og0znU
Wer immer noch #Entrust nutzt, renne.
Lack of skills and budget slow zero-trust implementation https://www.helpnetsecurity.com/2024/05/31/zero-trust-implementation-driver-for-organizations/ #cybersecurity #zerotrust #Entrust #report #survey #News