Hello, welcome to the Tuesday, September 28, 2021 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

And here, the Saturday initiative, Yudomeida from Cyber Defense Institute,

release details regarding a vulnerability in Trent

Micro's server protect. CVSS score is 9.8 and the vulnerability is an authentication

bypass vulnerability. To exploit the vulnerability and hacker would have to have access to the server

protect console because that's where the vulnerability is located and Trent Micro has already

released updates for this product. Well it's time to talk in a little bit more detail again about a problem

with let's encrypt certificates that I have mentioned in the past, and that's that one of the

root certificate authority certificates being used to validate let's encrypt certificates

is going to expire at the end of the month.

Of course, Let's Encrypt has been aware of this and has been taking measures to lessen the impact

by cross-signing their certificates with a second route certificate.

That's the ISRG Route X-1 certificate. But of course, there are old

operating systems that do not trust this newer certificate authority because, well, at the time

when the operating system was released, this authority wasn't around yet, and these operating

systems have not received the necessary

updates to their route certificates.

Now, we're talking very old operating systems here.

For example, Android devices, as for a bag as 236, according to Let's Encrypt, will continue to work.

Browsers like Firefox also got their own updates, and pretty much any operating system

...