Here is our latest news roundup of articles about network and TLS/SSL security.
TLS News
In September the number of web certificates in use surpassed 100 million for the first time. According to Netcraft, there were 100,323,811 valid certificates, an increase of 1.39% since August.
Apple is deprecating TLS 1.0 and 1.1 in both iOS and macOS. Currently, TLS 1.0 and 1.1 are not supported in iOS 15 and macOS 12, but all support will be removed in the future.
Let’s Encrypt’s root certificate, IdenTrust DST Root CA X3, expired Sept. 30. Any devices that do not trust the new ISRG Root X1 root certificate will experience warnings on any sites with Let’s Encrypt certificates after Sept. 30.
A hacktivist group known as Anonymous claimed to have leaked a decade’s worth of data from web hosting company Epik, which services many right-wing clients.
Vulnerabilities
Apple released an emergency software update Sept. 13 for a vulnerability in iPhones, iPads, Apple Watches and Mac computers that allowed an advanced form of spyware from NSO Group, an Israeli company.
An attacker released nearly 90,000 credential sets for FortiGate SSL VPN devices. Users should reset their passwords to protect against network attacks.
Government regulation
The U.S. Office of Management and Budget released a draft of the Federal Zero Trust Strategy, which will help move government agencies to a baseline of zero trust.
U.S. President Joe Biden issued security guidance for companies to curb cyberattacks, especially following the recent hacks on U.S. companies.
A phishing campaign that targeted the aviation industry with malware has gone unnoticed for two years. Although the malware is not particularly advanced, it shows how small-scale attackers can manage to stay under the radar for long periods of time.
Digital Signatures
Because the Swiss electronic signature is not recognized in the EU, a 400 million euro deal for double-decker trains fell through this month. The signer used a digital signature, but not one that is valid across borders within EU states.
A new report by DigitalEurope found that the Internet of Things is missing product legislation for cybersecurity and lacks monitoring throughout a product’s lifecycle. The researchers recommend that the EU Commission launches proposals for legislation as soon as possible.