News 02-07-2023

Latest News in Digital Trust – January 2023

DigiCert

Here is our latest roundup of news about digital security in our connected world.

DigiCert news

  • We are proud to present DigiCert® Trust Lifecycle Manager, a comprehensive digital trust solution that unifies CA-agnostic certificate management and public key infrastructure (PKI) services. This full-stack solution helps organizations protect their bottom line by reducing risk of outages of mission-critical applications, the attack surface area for breaches and customer churn due to loss of trust. It also adds to their top line by accelerating customer acquisition, improving employee productivity and driving digital innovation.

European standards

  • In one of the largest fines ever issued by the EU for privacy violations, Meta was fined over $400 million by Ireland's Data Protection Commission for violating EU privacy laws. The company was found to have collected and processed data of EU citizens without proper consent and without a valid legal basis, leading to breaches of their privacy rights. This highlights the importance of properly securing and handling personal data to protect the privacy of individuals.
  • The European Commission has unveiled plans for the DNS4EU project, a new EU-based DNS internet infrastructure that aims to protect 100 million people across the continent. The project will be developed by an international consortium led by Czech company Whalebone, and will provide users with a secure, privacy-compliant recursive DNS, as well as free DNS service to citizens and institutions. The project also seeks to strengthen the EU's digital independence by providing an alternative to the current public DNS offered by U.S.-based tech giants.

Quantum

  • A research team has published a paper claiming that they can now break RSA encryption using a quantum computer. RSA encryption is widely used to secure sensitive information, such as financial transactions and confidential communications. Despite the claims in this paper, RSA with a key size of 2048 bits is far from being breakable by any existing quantum computer. However, the published research was a step towards optimizing one form of quantum algorithm for integer factorization.
  • The Internet Engineering Task Force (IETF) has created a Post-Quantum Use in Protocols working group.

Vulnerabilities

  • Slack released a security update addressing several security vulnerabilities, including improvements to Slack's password policy and the introduction of two-factor authentication for all users. The company has also made changes to the way it handles sensitive data, such as encryption of data in transit and at rest, to enhance the protection of user information. This is a reminder of the importance of regularly updating security systems and implementing strong security measures to prevent data breaches and other security incidents.
  • The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory warning that federal agencies are being targeted by cyber attackers using legitimate remote management systems to gain unauthorized access. These systems are used by IT personnel to manage devices and servers remotely, but they can also be exploited by attackers to gain access to sensitive information. The attackers use various techniques such as password spraying and exploitation of known vulnerabilities to compromise these systems, leading to data breaches and other types of cyberattacks. It is important for organizations to ensure the security of these systems and regularly update them to prevent such attacks.
  • A multi-million dollar cryptocurrency scam has been uncovered and shut down by Europol in a coordinated raid across four countries. The scam involved a group of individuals who posed as cryptocurrency and forex trading companies, tricking victims into investing large sums of money with false promises of high returns.
  • Fortinet has recently released an autopsy report on a critical vulnerability (CVE-2022-42475) found in its FortiOS SSL-VPN that allowed hackers to remotely execute malicious code. The vulnerability was fixed in version 7.2.3 released on Nov. 28. On Dec. 12, the company warned of active exploit activity against at least one of its customers and urged them to update their networks.

Code signing

IoT

Data breaches

  • Okta had its source code stolen after hackers gained access to its GitHub repositories. The attackers were able to view and download the source code, but there is no evidence that they made any changes or that they used the code for malicious purposes. Additionally, attackers were not able to access customer data or the Okta service. The company has since secured its repositories and has implemented additional security measures to prevent similar incidents in the future.
  • Hackers have published the email addresses and handles of 235 million Twitter users in a massive data leak. The cause of the leak is still under investigation, but it is believed to have resulted from a flaw that allowed outsiders to look up a user based on their email address or phone number.
  • GoTo (owner of LastPass) has suffered a data breach in which hackers stole customer backups and the company's encryption key. Information impacted includes usernames, passwords, provisioning information, multi-factor authentication information and purchasing data. The investigation is still underway, but meanwhile customers are advised to reset all their passwords, not just their master password.

Malware

  • Cyber attackers have created custom malware to exploit a zero-day vulnerability in Fortinet security systems. This vulnerability allows the attackers to bypass the security systems and gain unauthorized access to sensitive information. The malware is highly sophisticated and difficult to detect, making it a serious threat to organizations that use Fortinet security systems. The issue has been addressed by Fortinet in their latest security update, but it highlights the need for organizations to stay vigilant and update their security systems regularly to prevent such attacks.
  • A new Python-based malware has been discovered targeting Windows systems. The malware is a Remote Access Trojan (RAT) that allows attackers to remotely control infected systems, steal sensitive information and carry out further attacks. The malware is spread through phishing campaigns and is stealthy enough to evade detection by most anti-virus software. It is recommended that Windows users take precautions to protect themselves from this malware by keeping their software up to date, using anti-virus software and avoiding suspicious email attachments and links.

Outages

  • An outage caused by an FAA system failure left thousands of flights in the United States delayed. The failure was caused by a damaged data file that was corrupted by personnel, likely two contractors who failed to follow government procedures. The system that failed was the FAA’s Notice to Air Missions (NOTAM) system, which issues notices to flight personnel. The NOTAM system provides important information to pilots about potential hazards, such as weather conditions and airport closures, and is critical for safe flight operations.
  • A Microsoft Cloud outage affected users around the world. The outage, which is now resolved, affected Outlook and Teams, and Microsoft claims it was caused by a change it made to its “Wide Area Network.”
  • Twitter experienced a global outage, which raised concerns about whether the outage might be connected to Twitter’s diminished workforce since Elon Musk acquired the company. The exact cause is unknown, but Musk later tweeted that “significant backend server architecture changes” were made so “Twitter should feel faster.”