News - Securetron | ADCS | MSCA | Certificate Management

Microsoft Is Removing Trust for Cross‑Signed Kernel Drivers and here is How to Validate

Posted in News.

Windows | News Kernel Drivers | WHCP Microsoft Is Removing Trust for Cross-Signed Kernel Drivers Microsoft is closing one of Windows’ longest-standing security gaps. Beginning with the April 2026 Windows Update, Windows will no longer trust kernel drivers signed under the legacy Cross-Signed Driver Program. Attackers have abused these drivers for years to load malicious or vulnerable components directly into the kernel. This change affects Windows 11, Windows Server 2025, and all future releases. 🔐 Why Microsoft Is Making This Change Cross-signed drivers were originally a convenience...

bios, boot, drivers, IoT, kernel, OT, secure boot, SeSecureBoot, uefi, WHCP

Windows Secure Boot Certificate Update

Posted in News.

ADCS | Compliance SaaS | Enterprise | Community Edition How to update Windows Secure Boot Certificate About Secure Boot Secure Boot enforces a chain of trust by checking signatures against certificates stored in firmware (DB/KEK/PK). The 2011 Microsoft UEFI CA certificates begin expiring in June 2026; systems that do not receive the replacement certificates will enter a degraded security state and may lose future boot‑time protections What Microsoft is doing and timeline Microsoft published guidance and began a phased rollout of...

bios, boot, secure boot, SeSecureBoot, uefi

Eliminating Certificate Risk: How Azure Key Vault and Securetron PKI Trust Manager Work Together

Posted in Knowledgebase, News. No Comments on Eliminating Certificate Risk: How Azure Key Vault and Securetron PKI Trust Manager Work Together

Azure | Key Vault | AKV SaaS | Enterprise | Community Edition 🔐 Why Managing Certificates in Azure Key Vault Is Essential And How Securetron PKI Trust Manager Elevates That Security Digital certificates sit at the heart of modern security. They authenticate workloads, encrypt data in transit, and establish trust between applications, devices, and users. As organizations scale their cloud footprint, the number of certificates they rely on grows rapidly and so does the complexity of managing them. This is where Azure Key Vault becomes indispensable. And when combined with Securetron PKI...

Active Directory Certificate Services, admin group, AKV, azure, Azure Key Vault, CBA, cbom, certificate, certificate based authentication, certificate bill of material, Certificate Lifecycle Management, Certificate Management System, clm, containers, discovery, docker, entra-id, free, handala, Intune, iran, Linux, MFA, notification, phishing resistant, PKI, remote wipe, striker, stryker, TLS

Client Auth and Server Auth EKU in a Certificate

Posted in Knowledgebase, News. No Comments on Client Auth and Server Auth EKU in a Certificate

Templates | Compliance SaaS | Enterprise | Community Edition The Client-Server Identity Crisis: Why You Shouldn’t Use a Single Certificate for Both Roles In the world of PKI and TLS, certificates are the digital passports that prove identity. But what happens when a single passport tries to claim two different, high-trust roles at the same time? This is the exact scenario we create when we combine serverAuth and clientAuth Extended Key Usages (EKUs) in a single certificate. While technically possible, and sometimes convenient, this practice is a significant security...

The Weak Link – Auditor General of Canada Warning on PKI and Cryptographic Governance

Posted in News. No Comments on The Weak Link – Auditor General of Canada Warning on PKI and Cryptographic Governance

News | Government Certificate Discovery | Management The Weak Link in Canada’s Cyber Armor: Auditor General of Canada Warning on PKI and Cryptographic Governance A new report from Canada’s Auditor General has issued a stark warning that goes far beyond typical cybersecurity shortcomings. It reveals critical failures in the very foundations that underpin trust and security in government digital services: Public Key Infrastructure (PKI) and cryptography. While the audit doesn’t mention PKI by name, its findings paint a dire picture of the ecosystem in which digital...

Active Directory Certificate Services, asset management, canada, Certification Authority, clm, discovery, PKI, security

Canada Launches PQC Migration Plan to Fortify Government Systems Against Quantum Computer Threats

Posted in News. No Comments on Canada Launches PQC Migration Plan to Fortify Government Systems Against Quantum Computer Threats

ADCS | Compliance SaaS | Enterprise | Community Edition Canada Launches Ambitious Plan to Fortify Government Systems Against Quantum Computer Threats The Government of Canada has officially initiated a sweeping, decade-long mission to future-proof its digital infrastructure against one of the most significant emerging threats in cybersecurity: the power of quantum computing. A new Security Policy Implementation Notice (SPIN), effective as of today, mandates all federal departments and agencies to begin the complex migration to “quantum-safe” encryption. This strategic...

cybersecurity innovation, digital security, lattice-based cryptography, PKI security, Post Quantum Cryptography, PQC cryptography, quantum computing threats, quantum-resistant algorithms, quantum-safe encryption, Securetron PKI Trust Manager

New OpenSSL Vulnerabilities Expose Systems to Key Theft and Remote Code Execution

Posted in News. No Comments on New OpenSSL Vulnerabilities Expose Systems to Key Theft and Remote Code Execution

News October 2, 2025 # Topics OpenSSL Vulnerability Patch Follow Us youtube Learning New OpenSSL Vulnerabilities Expose Systems to Key Theft and Remote Code Execution 02 February, 2021 The OpenSSL Project has released critical security updates addressing three vulnerabilities that could allow attackers to recover private keys, execute arbitrary code, or cause denial-of-service conditions. The patches are available in the newly...

Cve, Cve-2025-9230, CVE-2025-9231, CVE-2025-9232, Open, OpenSSL, SSL

Prevent Ransomware through Code Signing

Posted in Knowledgebase, News. No Comments on Prevent Ransomware through Code Signing

Code Signing | Malware SaaS | Enterprise | Community Edition Fortifying the Digital Frontier: How Code-Signing Certificates and PKI Management Prevent Ransomware Introduction In the relentless battle against cyber threats, ransomware stands out as one of the most destructive and financially motivated. These attacks encrypt a victim’s data, holding it hostage until a ransom is paid, crippling businesses, hospitals, and government agencies. While no single solution offers complete immunity, a robust defense-in-depth strategy is essential. A critical, yet often underestimated,...

ADCS, application, certificate, Certificate Template, cicd, code, code signing, malware, PKI, ransomware, signing, software, timestamp, tsp

How PKI would have prevented Salesloft Breach

Posted in News.

News | mTLS | Risk Applicable: SaaS | Enterprise | Community Edition Salesloft Breach and how PKI eliminates the risk of OAuth token hijacking Introduction Certificates, specifically mTLS (Mutual TLS) certificates, are a powerful mechanism to address OAuth token theft. They don’t prevent the token from being stolen itself, but they severely limit its usefulness to an attacker, effectively neutralizing the threat. The core idea is to bind the OAuth token to a specific client using a cryptographic key pair, making the stolen token unusable on any other client. Here’s a breakdown of...

AI Agents, authentication, automation, Breach, certificate, mTLS, OAuth, PKI, sales loft, salesforce, Salesloft