News 11-09-2022

Latest News In Digital Trust: October 2022

DigiCert

Here is our latest roundup of news about digital security in our connected world.

DigiCert News

  • DigiCert welcomes Dr. Amit Sinha as CEO and member of the DigiCert Board of Directors. Sinha brings over 20 years of technology, strategy and operational experience from Zscaler, Motorola, AirDefense and Engim. Sinha’s leadership will ensure the right focus and strategy to help DigiCert define digital trust for the real world and continue to accelerate its leadership in digital trust.

TLS/SSL

  • The OpenSSL project announced a vulnerability that was first rated critical severity but later downgraded to high severity. It can be remedied by updating to OpenSSL 3.0.7 and does not require certificate replacement.
  • Public certificates obtained through Amazon’s AWS Certificate Manager will now be issued from one of the multiple intermediate certificate authorities that Amazon manages. While most customers won’t notice the change, it will help to create a more resilient certificate infrastructure that will allow Amazon to respond more quickly.
  • Microsoft has fixed an issue, caused by security updates released earlier in the month, that triggered TLS/SSL handshake failures on client and server platforms.

IoT

  • The Connectivity Standards Alliance (CSA) released Matter 1.0 on October 4th and DigiCert’s Root Certificate Authority (CA) became the first Matter-approved root CA by the CSA for Matter device attestation, allowing for rapid time to market for smart home manufacturers and automatic security for customers.

Quantum

  • DigiCert will be working with Canada-based company ISARA to ensure ongoing digital trust. ISARA, the world’s leading provider of quantum-safe security solutions, announced that it is dedicating four hybrid certificate patents to the public. These hybrid certificates combine traditional digital certificates with additional quantum-safe components.
  • Mastercard has launched a new contactless credit card intended to be resistant to quantum attack. These cards follow new industry standards from EMVco and involve the use of longer key lengths, while still being compatible with existing payment hardware.

Government standards

  • The White House hosted a meeting with tech industry leaders this month to create a new standard for security labels for IoT devices, planned to launch in spring 2023. This security “nutrition label” will help consumers easily access information about their smart devices, such as vulnerability and interoperability with other products.
  • The U.S. Department of Commerce has appointed 16 experts to a new Internet of Things Advisory Board (IoTAB). This advisory board will lend expertise to the federal working group regarding matters of IoT federal regulations, IoT benefits to the United States, IoT opportunities regarding small businesses and IoT international opportunities.

Malware

  • Guardio Labs reported that a malware-ridden Chrome extension infected over a million PCs. The malware injected advertising into standard pages and appended affiliate links to popular shopping websites so that its developers could also profit. The compromised extensions have been removed, but users should continue to be careful and keep active anti-virus software running.
  • MajikPOS and Treasure Hunter malware remain active, scanning networks for open and poorly secured VNC and RDP remote-desktop services. Once in, the malware can collect shoppers' payment card information from the compromised terminals. So far, $3.3 million worth of credit card numbers has been stolen.

Data breaches

  • Some of Australia’s biggest companies have fallen victim to data breaches that put millions of Australians at risk. Personal data from Optus, Telstra, Medibank and Woolworths has been compromised, which raises questions of how the Australian government should intervene going forward.
  • International ticket-selling company See Tickets announced that it has been leaking payment data since June 2019, when online attackers set up a skimmer on its site. The skimmer was first noticed in April 2021 but was not successfully removed until January 2022. The exact number of people affected is unknown.

Ransomware

Vulnerabilities

General security

  • This year’s U.S. National Cybersecurity Awareness Month was centered on the humans behind the devices and screens. As we seek to maintain digital trust, it is crucial that individuals increase their personal digital security by seeing themselves in cyber and acting to better their cybersecurity habits. CISA recommends thinking before you click, updating your software, using strong passwords, and enabling multi-factor authentication.