News 08-03-2023

Latest News in Digital Trust: July 2023

DigiCert

Here is our latest roundup of news about digital security in our connected world. Click here to see the whole series.

Artificial Intelligence (AI)

  • Google is testing its Med-PaLM 2 AI chat technology, based on the PaLM 2 language model, at the Mayo Clinic and other hospitals. Med-PaLM 2 has been trained on medical licensing exam questions and medical expert demonstrations, making it proficient in answering health-related queries, summarizing documents and organizing research data. Both Google and Microsoft are developing medical AI chat technologies, but they say that patient information is kept confidential and is not used to train their models.

TLS/SSL

  • On July 24, Microsoft SharePoint and OneDrive for Business experienced a brief interruption due to a TLS certificate error. The problem occurred when a German TLS certificate (*.sharepoint.de) was mistakenly added to the main sharepoint.com domain for Microsoft 365 services. This caused a TLS common name mismatch error for users in the US and other countries, preventing them from accessing SharePoint and related services. Microsoft fixed the issue within ten minutes, but some users reported continued issues for a longer period.
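
The name mismatch described above, as an added example that is not part of the original roundup: a pre-deployment check that compares the DNS names on a certificate with the hostnames it will be served on, using the single-label wildcard rule that TLS clients apply. The tenant hostnames and the function names are constructed for illustration.

```python
"""Check that a certificate's DNS names cover the hostnames it will serve."""


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the entire leftmost label and stands for
    exactly one label, so *.example.com covers a.example.com but neither
    example.com nor a.b.example.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "sha*.example.com" are not accepted.
    return "*" not in pattern and p_labels == h_labels


def uncovered_hosts(cert_dns_names, served_hostnames):
    """Return the served hostnames that no certificate name covers."""
    return [
        host
        for host in served_hostnames
        if not any(name_matches(name, host) for name in cert_dns_names)
    ]


# Constructed sample data: the certificate name from the article, the
# matching .com wildcard, and hypothetical tenant hostnames.
GERMAN_CERT = ["*.sharepoint.de"]
GLOBAL_CERT = ["*.sharepoint.com"]
GLOBAL_HOSTS = ["contoso.sharepoint.com", "contoso-my.sharepoint.com"]

if __name__ == "__main__":
    for label, names in (("german", GERMAN_CERT), ("global", GLOBAL_CERT)):
        missing = uncovered_hosts(names, GLOBAL_HOSTS)
        status = "OK" if not missing else "MISMATCH for " + ", ".join(missing)
        print(f"{label} certificate on sharepoint.com hosts: {status}")
```

Run as a gate in the certificate rollout pipeline, a non-empty result from `uncovered_hosts` blocks the binding before any client sees the mismatch.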

Quantum

  • Researchers at the MIT Plasma Science and Fusion Center have discovered a method to control the anomalous Hall effect and Berry curvature in quantum magnets. They achieved this by manipulating the magnetic properties of thin layers of chromium telluride grown on crystals like aluminum oxide or strontium titanate. By stretching or squeezing these layers, they were able to induce the Hall effect without the need for an external magnetic field. This breakthrough has potential applications in creating strain-tunable materials for use in hard drives, robotics, sensors and health monitoring equipment.

Standards & regulation

  • The U.S. Cyber Trust Mark is a new initiative that aims to provide consumers with cybersecurity information about internet-enabled devices, similar to a nutrition label. The program intends to inform consumer choices and encourage higher cybersecurity standards among manufacturers. Devices meeting specific cybersecurity criteria will display the trust mark logo. The initiative is expected to go into effect in 2024 and is part of the effort to enhance digital trust and security in IoT devices. DigiCert, among other organizations, supports the Cyber Trust Mark as an essential step in providing more confidence and protection for connected devices.
  • The Securities and Exchange Commission (SEC) has adopted a new rule that requires public companies to disclose cybersecurity incidents within four business days after discovery. The disclosure should include information on the nature, scope, timing and material impact of the incident on the company. The rule also carves out an exception to the four-day disclosure requirement if the U.S. attorney general determines that immediate disclosure would pose a substantial risk to national security or public safety. The new rules aim to improve transparency and consistency in cybersecurity disclosure for investors and will take effect starting Dec. 18.
  • Digidentity has partnered with the General Medical Council (GMC) to offer digital identity verification for doctors in the UK. The service, launched in April 2023, allows doctors to have their identity verified digitally, eliminating the need for in-person verification at a GMC office. It aims to provide speed, convenience and security, while ensuring compliance with identity assurance standards.
  • The European Union has approved a new data transfer deal with the United States, allowing companies to freely transfer data between the two regions and potentially ending years of legal uncertainty for tech giants like Facebook and Google. The deal, known as EU-U.S. Data Privacy Framework, may still face challenges, as privacy activist Max Schrems plans to challenge it in court by the end of August, arguing that it does not provide adequate protections for Europeans.

Vulnerabilities

  • Google is launching a security pilot program where some employees will be restricted to internet-free desktop PCs while they work. The move comes as a response to frequent attacks on Google employees by criminals, making them attractive targets due to their access to sensitive data. Initially mandatory for 2,500 employees, Google is now allowing them to opt out of the program after receiving feedback. The program will disable internet access on select desktops, with exceptions for Google-owned websites and internal web-based tools like Google Drive and Gmail, to prevent phishing attacks and malicious downloads.
  • Cisco Talos has discovered a Microsoft Windows policy loophole that allows a threat actor to sign malicious kernel-mode drivers executed by the operating system. The RedDriver malware, possibly developed by a Chinese-speaking threat actor, targets browsers primarily used in China. RedDriver, an undocumented malicious kernel-mode driver, enables browser hijacking and adds a root certificate to the system. To protect against this threat, maintaining up-to-date operating systems, firmware and software is essential.
  • Cybersecurity agencies in Australia and the U.S. have issued a joint advisory warning about security flaws in web applications, particularly focusing on Insecure Direct Object Reference (IDOR) bugs. IDOR bugs occur when an application allows direct access to internal resources without proper validation, leading to unauthorized access to data. The agencies recommend adopting secure-by-design and -default principles, performing authentication and authorization checks for all data-modifying requests, and implementing strong password policies and multi-factor authentication to protect against such attacks.
  • The cybersecurity firm Check Point Technologies investigated the security vulnerabilities in Peloton treadmills. The findings revealed potential risks in the operating system and applications. The Peloton treadmill operates on the Android 10 OS, which has over 1,100 potential vulnerabilities. Security flaws were found in the treadmill's apps, and the presence of standard APIs posed a risk of malware installation.

Data breaches

  • A cybersecurity breach at Pakistan's National Institutional Facilitation Technologies (NIFT) has put the country's national security at risk. Cyber attackers gained unauthorized access to data, forcing NIFT to shut down its data centers and resort to manual clearing operations for cheques nationwide. While NIFT claims no significant compromise of data, IT experts believe inadequate system operations and poor security checks contributed to the breach, endangering the data of 67.5 million customers.
  • According to a report from IBM Security, the cost of data breaches has reached an all-time high of $4.5 million in 2023, representing a 15% increase over the last three years. The study analyzed breaches at 553 organizations in 17 different industries across 16 countries and regions. Phishing and stolen credentials were the top attack vectors, and ransomware attacks cost significantly more than other breaches, with an average cost of $5.2 million.

Malware

  • The Port of Nagoya in Japan, the country's largest port, experienced a ransomware attack by the LockBit gang, causing a halt in container loading and unloading operations. The attack affected the Nagoya Port Unified Terminal System, the central system controlling all container terminals in the port. The situation is being closely monitored to assess any further impact.
  • Call of Duty: Modern Warfare II was taken offline this month on PC due to reports of malicious hacks. Players were getting attacked via hacked lobbies, and the malware identified was Trojan:Win32/Wacatac.B!ml. Hackers used a worm to self-replicate and spread the malware to other users.
  • Cybersecurity firm Flare analyzed information-stealing malware logs sold on the dark web and Telegram channels, and found over 400,000 corporate credentials in the logs, including access to various business applications like Salesforce, HubSpot, QuickBooks, AWS, GCP, Okta and DocuSign. To minimize the risk of info-stealer malware infections, businesses should use password managers, enforce multi-factor authentication and set strict controls on personal device use while training employees to identify and avoid risks.