
Chrome to ‘Distrust’ Entrust Certificates: Major Shakeup for Website Security


Google's Chrome browser is making a significant security move by distrusting certificates issued by Entrust, a prominent Certificate Authority (CA), beginning late 2024. This decision throws a wrench into the operations of numerous websites including those of major organizations like Bank of America, ESPN, and IRS.GOV, among others.

Digital certificates (SSL/TLS) play a vital role in ensuring secure connections between users and websites. These certificates, issued by trusted CAs, act as a security seal - more like a blue tick for websites - and help users gauge the legitimacy of the website. They also ensure encrypted communication to prevent data breaches.

However, Chrome is removing Entrust from its list of trusted CAs due to a concerning pattern of "compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress" over the past six years. Entrust's repeated shortcomings in upholding security standards have led Google to lose confidence in their ability to act as a reliable CA.

"It is our opinion that Chrome’s continued trust in Entrust is no longer justified." - Google Chrome

This move also extends to AffirmTrust, a lesser-known provider acquired by Entrust. While these certificates account for only a small fraction (0.1%) compared to Let's Encrypt (49.7%), the impact is still significant considering organizations like Bank of America, BookMyShow, ESPN and even government websites like IRS.gov, which have high internet traffic volumes, are also certified by Entrust.

Figure: Bank of America and IRS.gov certificates as displayed on Chrome Certificate Viewer

What This Means for Users and Website Owners

Starting November 1, 2024, Chrome users encountering websites with distrusted Entrust certificates will be met with a full-page warning proclaiming the site as "not secure."

Figure: Sample of how Chrome will display warning for websites having a certificate from Entrust or AffirmTrust (Source: Google)

This warning only applies to certificates issued after October 31, 2024, providing a grace period for websites with existing Entrust certificates. However, as certificates have lifespans, website owners must transition to a different CA before expiration. Considering its market share, Let's Encrypt, a free and trusted option, comes highly recommended.

This shift is crucial for maintaining a secure web environment. When a CA fails to meet expectations, it jeopardizes the entire internet ecosystem. Chrome's decision prioritizes user protection by eliminating trust in potentially compromised certificates.

Website owners using impacted Entrust certificates should act swiftly to switch to a different CA. The Chrome Certificate Viewer can be used to identify certificates issued by Entrust. While this may seem inconvenient, it's necessary to ensure continued user access without security warnings.
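For more than a handful of sites, the same check can be scripted. The sketch below is an added example, not code from Chrome or Entrust: it triages a certificate inventory against the cutoff described above, using dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`. It assumes that matching on the issuer organization name and treating `notBefore` as the issuance date is a good enough approximation; the hostnames and certificates are constructed sample data.

```python
import ssl
from datetime import datetime, timezone

# Cutoff from the article: certificates issued after October 31, 2024 are distrusted.
CUTOFF = datetime(2024, 10, 31, 23, 59, 59, tzinfo=timezone.utc)
AFFECTED = ("entrust", "affirmtrust")  # assumption: match on issuer organization name
PRIORITY = {"distrusted": 0, "grace-period": 1, "unaffected": 2}

def _time(field):
    # Parse the "Nov  4 00:00:00 2024 GMT" format used in getpeercert() dicts.
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(field), tz=timezone.utc)

def issuer_org(cert):
    """Return the issuer organizationName, or "" if the issuer has none."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def classify(cert, today):
    """Return (status, days until expiry) for one certificate."""
    days_left = (_time(cert["notAfter"]) - today).days
    if not any(name in issuer_org(cert).lower() for name in AFFECTED):
        return "unaffected", days_left
    if _time(cert["notBefore"]) > CUTOFF:
        return "distrusted", days_left      # full-page warning in Chrome
    return "grace-period", days_left        # still trusted, replace before expiry

def audit(inventory, today):
    """Rows of (host, status, days_left), most urgent first."""
    rows = [(host, *classify(cert, today)) for host, cert in inventory.items()]
    return sorted(rows, key=lambda r: (PRIORITY[r[1]], r[2]))

def _cert(org, not_before, not_after):
    # Helper that builds a constructed certificate record for the sample below.
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),)),
            "notBefore": not_before, "notAfter": not_after}

# Constructed inventory; hostnames and dates are illustrative only.
SAMPLE_INVENTORY = {
    "blog.example.test": _cert("Let's Encrypt", "Nov 20 00:00:00 2024 GMT", "Feb 18 23:59:59 2025 GMT"),
    "shop.example.test": _cert("Entrust, Inc.", "Mar 18 00:00:00 2024 GMT", "Apr 18 23:59:59 2025 GMT"),
    "api.example.test": _cert("Entrust, Inc.", "Nov  4 00:00:00 2024 GMT", "Nov  4 23:59:59 2025 GMT"),
    "legacy.example.test": _cert("AffirmTrust", "Jan 10 00:00:00 2024 GMT", "Jan 10 23:59:59 2025 GMT"),
}

if __name__ == "__main__":
    today = datetime(2024, 12, 1, tzinfo=timezone.utc)
    for host, status, days in audit(SAMPLE_INVENTORY, today):
        print(f"{host:22} {status:13} expires in {days} days")
```

The output lists certificates that already trigger the warning first, then grace-period certificates ordered by how soon they expire and need a replacement from another CA.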

Potential Workaround Only on Internal Networks

Large organizations managing internal networks have some leeway. Chrome allows enterprises to bypass these changes by installing the affected certificates as trusted on their local networks. This ensures internal websites using these certificates function normally.

The Entrust Controversy: A Deeper Look

Further context emerges from discussions on Mozilla's Bug Tracker (Bug 1890685). It reveals a critical issue – Entrust's failure to revoke a specific set of Extended Validation (EV) TLS certificates issued between March 18 and 21, 2024. This violated their own Certification Practice Statement (CPS).

Entrust opted against revoking the certificates, citing potential customer confusion and denying any security risks. However, this decision sparked outrage. Critics emphasized the importance of proper revocation procedures to uphold trust in the CA system. Entrust's prioritization of customer convenience over security raised concerns about their commitment to strict adherence to security best practices.

A detailed post on Google Groups by Mike Shaver sheds further light on the situation. Shaver expresses doubt in Entrust's ability to comply with WebPKI and Mozilla Root Store Program (MRSP) requirements. Despite attempts to address these concerns, Entrust's handling of certificate revocation, operational accountability, and transparency remain under scrutiny.

Shaver points out Entrust's tendency to prioritize customer convenience over strict adherence to security standards. He also criticizes the lack of detailed information regarding organizational changes and Entrust's failure to meet Mozilla's incident response requirements. Until Entrust demonstrates substantial improvements and transparency, continued trust in their certificates poses a significant risk to the overall web PKI and the security of internet users.

But this is not the end of it. In fact, it is just the tip of the iceberg. Shaver's comments in the forum are in response to a host of compliance incidents between March and May related to Entrust. Ben Wilson summarized these recent incidents in a dedicated wiki page.

"In brief, these incidents arose out of certificate mis-issuance due to a misunderstanding of the EV Guidelines, followed by numerous mistakes in incident handling including a deliberate decision to continue mis-issuance," Wilson said.

This is a very serious shortcoming on Entrust's behalf considering the stringent norms and root store requirements, he added.

However, Chrome's decision to distrust Entrust certificates sends a strong message – prioritizing user safety requires holding CAs accountable for upholding the highest security standards.


Daily Blood Sampling in London Hospitals Down from 10,000 to 400 After Synnovis Ransomware Attack


In the aftermath of the Synnovis ransomware attack that struck last week, London hospitals continue to struggle to deliver patient care at an optimal level. The attack on the pathology services provider has brought down the daily blood sampling count in major London hospitals from 10,000 to merely 400 per day, according to Synnovis.

“Urgent requests are severely restricted at around 400 a day. Historically primary care and community services have generated around 10,000 samples a day for testing, which gives you an idea of the scale of the impact.” - Synnovis

Services including blood transfusions reportedly remain severely disrupted at Guy's and St Thomas' Hospital and King's College Hospital. Both hospitals are experiencing disruption of pathology services, particularly blood tests.

Blood Testing Severely Impacted After Synnovis Ransomware Attack

The biggest challenge that Synnovis is currently facing is that all its automated end-to-end laboratory processes are offline since all IT systems have been locked down in response to the ransomware attack. “This means we are having to log all samples manually when they arrive, select each test manually on analyzers and, once tests have been processed, type in each result on the laboratory’s computer system (the Laboratory Information Management System - LIMS),” Synnovis said.

And this is not the end of it. Synnovis then must manually deliver these results to the Trust’s IT system so that the results can be further electronically submitted back to the requester. But since Synnovis’ LIMS is presently disconnected from the Trusts’ IT systems, “this extensive manual activity takes so much time that it severely limits the number of pathology tests we can process at the moment,” Synnovis explained.

The pathology service provider normally processes around 10,000 primary care blood samples a day, but at the moment is managing only up to 400 from across all six boroughs. “Despite the measures we know colleagues are taking to prioritize the most urgent samples, we are receiving many more than we can process and we have an increasing backlog,” Synnovis said.

The lab services provider last week was able to process around 3,000 Full Blood Count samples but could not export results due to the lack of IT connectivity. “Of those tests processed, we have phoned through all results that sit outside of critical limits, however, we have been unable to return any results electronically and are unlikely to be able to do so,” Synnovis said.

The impact of the Synnovis ransomware attack is also felt at NHS Blood and Transplant (NHSBT), which appealed to the public earlier this week to urgently donate O blood-type (+ve and -ve) across England. The attack caused significant disruption to the hospitals’ ability to match patients’ blood types, leading to an increased demand for O-positive and O-negative blood donations that are medically considered safe for all patients.

Will Process only 'Clinically Critical' Blood Samples

To manage the inadequacy of the services, the service provider is currently only accepting blood samples that the requesting clinician considers to be “clinically critical.” Clinicians need to consider a test as “critical” only if a test result is needed within 24 hours to determine a patient’s urgent treatment or care plan. “As experts, your clinical view of what is considered ‘critical’ will be accepted by the laboratory, but we urge you to apply this definition carefully, given the severe capacity limitations we are facing,” Synnovis recommended.

Figure: Synnovis ransomware attack (Source: Synnovis)

The pathology service provider is also working with NHS Trust to install laptops at the hub laboratory, which will give them access to the Trust IT systems to return test results electronically.

Caregivers Working Overtime

Doctors and caregivers at Guy's and St Thomas' Hospital and King's College Hospital have been putting in extra hours since the Synnovis ransomware attack disrupted services last week. But this is not enough, as KCH has already cancelled some of its operations and is working only at about 70% capacity. Three of its 17 operating theatres remain shut, BBC reported.

Cisco Welcomes Sean Duca as Chief Information Security Officer for Asia Pacific, Japan, and China


Cisco, a global leader in networking and cybersecurity solutions, has announced the appointment of Sean Duca as its new Chief Information Security Officer (CISO) & Practice Leader for the Asia Pacific, Japan, and China (APJC) region.

Sean, in his LinkedIn post, expressed his excitement about joining Cisco after taking a six-month break to focus on his health and recharge. He shared his enthusiasm for the new challenge ahead, working within Cisco's Customer Experience (CX) Team for APJC and eventually relocating to Singapore. “After an amazing 6-month break to recharge and focus on my health, I'm thrilled to embark on a new and exciting challenge at Cisco, working in the CX Team for APJC, and will eventually be based in Singapore,” reads the LinkedIn Post.

On his first day at Cisco, Sean expressed his eagerness to collaborate with Jacqueline Guichelaar and the broader CX team, as well as reconnecting with former colleagues, including Peter M. Sean's decision to join Cisco was influenced by the opportunity to work with remarkable individuals, such as Jeetu Patel, and to contribute to innovative solutions like Cisco’s Hypershield. “Day 1 is done, and loving it! I am excited to work with Jacqueline Guichelaar and the wider CX team and to reconnect and work alongside Peter M. again,” reads the post.

Figure: Sean Duca (Source: Sean Duca's LinkedIn Post)

Sean Duca's Vast Experience

Sean brings over 20 years of experience in cybersecurity to his new role, with a proven track record of driving visionary strategies and practical solutions to enhance digital security. Sean's extensive background includes nearly nine years at Palo Alto Networks, where he served as Vice President and Regional Chief Security Officer (CSO) for the APJ region. Before that, he spent over 15 years at Intel Security, serving as the Chief Technology Officer (CTO) for the Asia Pacific region. His leadership in technology and security has made a significant impact in the industry.

Reflecting on his new role at Cisco, Sean emphasized his commitment to helping customers achieve their security and business goals while extracting value from their Cisco investments. He expressed his eagerness to reconnect with partners and contacts in his soon-to-be new country, Singapore, highlighting his dedication to driving cybersecurity excellence across the region.

“What drew me to Cisco? I've met incredible people, Jeetu Patel’s visionary strategy, and the innovation behind solutions like Cisco’s Hypershield. I can't wait to reconnect with partners, new and old, and many contacts in my soon-to-be new country when I move up next month. Most importantly, I'm eager to help our customers achieve their security and business goals, proving our value and extracting value from their Cisco investment,” reads the post further.

With his renewed focus and energy, Sean's appointment is poised to lead Cisco's efforts to elevate performance in the cybersecurity world across APJC.

Sophos Appoints Joe Levy as CEO, Names Jim Dildine as CFO to Drive Future Growth


Sophos, a cybersecurity company that offers a wide range of security solutions, has announced the appointment of Joe Levy as the company’s Chief Executive Officer (CEO). Levy, who has been serving as acting CEO since February 15, is set to drive the execution of Sophos' strategic vision. To support this strategy, Levy has named Jim Dildine as Sophos’ new Chief Financial Officer (CFO) and a member of the senior management team.

Speaking on the development, Dildine said, “Having worked in technology and finance for over 30 years, joining Sophos at this pivotal moment is exciting. The company’s achievements, including its dedication to innovating cybersecurity technology and supporting its partners, are impressive.”

“I look forward to helping Joe accelerate growth and further establish Sophos as an industry leader.”

Joe Levy's Extensive Experience

Levy brings nearly 30 years of experience in cybersecurity product development and leadership to his new role. Over his nine-year tenure at Sophos, he has transformed the company from a product-only vendor into a global cybersecurity giant. This transformation includes the establishment of an incident response team and a managed detection and response (MDR) service that now defends over 21,000 organizations worldwide.

Additionally, Levy created SophosAI and Sophos X-Ops, an operational threat intelligence unit that integrates over 500 cross-departmental cybersecurity operators and threat intelligence experts. This unit shares real-time and historical cyberattack data across all Sophos solutions, enhancing their ability to defend against persistent cyberattacks. Levy's extensive experience includes working with the channel, including managed security providers (MSPs), which began in the mid-1990s when he started his career as a cybersecurity practitioner and innovator at a value-added reseller.

Joe Levy's Next Move: Expanding the Midmarket Base

As CEO, Levy aims to expand Sophos’ strong customer base in the midmarket, which includes nearly 600,000 customers worldwide and generates more than $1.2 billion in annual revenue.

“When midmarket organizations – the global critical substrate – are paralyzed due to ransomware or other cyberattacks, the ripple effect impacts supply chains and slows our economy. Operations of all sizes suffer collateral damage when supply chain dependencies are attacked. This can be devastating in unpredictable ways due to the complexity of the modern global economy,” said Levy.

Adding further, Levy said, “Our goal is to help more midmarket organizations – the estimated 99% below the cybersecurity poverty line – improve their detection and disruption of inevitable cyberattacks. We plan to achieve this by working with MSPs and channel partners who can scale with us using our innovative technologies and managed services. Cyberattacks on the midmarket can severely impact global functionality, and Sophos is committed to changing that.”

Sophos has a unique opportunity to scale its business by helping organizations that require basic and advanced defenses against cyberattacks. These organizations, often smaller entities within critical infrastructure sectors, are just as vulnerable to cyber threats as major corporations. Sophos' Active Adversary report and 2024 Threat Report highlight that attackers frequently exploit exposed Remote Desktop Protocol (RDP) access at midmarket organizations for data theft, espionage, ransomware payoffs, or supply chain attacks.

Strategic Appointment of Jim Dildine as CFO

To support his leadership strategy, Levy has appointed Dildine as CFO. Dildine brings exceptional operational expertise and a strong background in channel partner-based cybersecurity business. He joins Sophos from Imperva, where he served as CFO for over four years. Before Imperva, Dildine was CFO for Symantec’s $2.5 billion enterprise security business unit and held key financial leadership roles at Blue Coat Systems. At Blue Coat, he oversaw significant growth, leading to a go-private transaction by Thoma Bravo, a sale to Bain Capital, and a subsequent sale to Symantec for $4.6 billion in 2016. He also managed the acquisition and integration of six security-focused companies valued at over $750 million.

Chip Virnig, a partner at Thoma Bravo and a Sophos board member, expressed confidence in the new leadership team. “Thoma Bravo has worked with Joe through successful investments in SonicWall and Blue Coat Systems. His authentic leadership and impeccable reputation in the cybersecurity industry make him the ideal CEO for Sophos. We’re also excited to have Jim join as CFO. We’ve worked with Joe and Jim for over a decade and believe their combined expertise will drive Sophos to new heights,” said Virnig.