News 02-02-2022

Latest News In TLS/SSL : January 2022

DigiCert

Here is our latest news roundup of articles about network and TLS/SSL security. Click here to see the whole series.

TLS news

Data security

Data breaches

Vulnerabilities

  • A flaw that Microsoft fixed almost a decade ago is still being used by hackers, recently affecting over 2,000 victims in over 100 different countries. Hackers use the nine-year-old flaw to plant malware, dubbed ZLoader, onto devices by modifying a dynamic-link library (DLL) file that is digitally signed by Microsoft.
  • Researchers warned that a flaw in all major Linux systems could be exploited to gain access to full root privileges.

Ransomware

  • Hacktivists claimed to have infected the Belarus rail system with ransomware to stop Russia from advancing into the country. On Twitter, they announced that they would only offer the decryption key if Belarus President Alexander Lukashenko agreed to stop aiding Russian troops and released political prisoners in need of medical assistance. This attack is the first of its kind to be used in this way.

Quantum computing

  • Researchers from the University of Sussex, UK, have found that cryptocurrencies like bitcoin are a long way away from being at risk to quantum attacks. Quantum computers would need to be 1 million times larger than they currently are to break the cryptographic algorithm that secures bitcoin, which could take a decade to become a reality, according to the researchers.

Government regulation

  • The U.S. White House held a meeting of both government and private stakeholders in January to discuss ways to improve the security of open source software. Proposed plans include integrating security into development tools and using best practices like code signing, strong digital identities and informing the public of what is in the software they purchase and use. This is one of many discussions that have taken place since President Biden made software security a national priority.
  • Britain launched its first ever Government Cyber Security Strategy. This will make it easier for the public to report cyber vulnerabilities and attacks and includes investments into protecting Britain’s public services from cyber threats.
UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

Why certificate automation is an absolute must

11-15-2024

4 steps to secure the IIoT device lifecycle