Here is our latest news roundup of articles about network and TLS/SSL security.
TLS news
- DigiCert released security predictions for 2022, including predictions about what’s in store for ransomware, post-quantum computing, automation, VMCs and more.
- Earlier this month, Detectify Labs published a report analyzing TLS certificates that shows companies need to be aware of information in domain names; otherwise, they can become “a looking glass into the organization.”
- Microsoft Windows 11 users experienced some failures due to an expired certificate. The certificate expired on Oct. 31, 2021, and affected features like the snipping tool, start menu, touch keyboard and more. Microsoft issued a warning, suggested workarounds and continues to update users on the situation.
Data breaches
Vulnerabilities
Government regulation
- The U.K. government introduced new legislation that would better protect consumer IoT devices from hackers and proposed heavy fines of up to £10m (or 4% of global turnover). The proposed requirements include banning universal default passwords, forcing firms to be transparent about how they are fixing security flaws and creating a reporting system for discovered vulnerabilities.
- The U.S. Department of Defense announced that it will launch an office dedicated to zero trust to hasten the adoption of a zero-trust architecture. This comes in response to the 2020 SolarWinds attack and the recent U.S. Executive Order on Improving the Nation’s Cybersecurity, which calls for government agencies to move towards a zero-trust architecture.
Quantum Computing
- IBM announced a breakthrough in quantum computing: creating a quantum processor that can process information that a traditional computer cannot. The Eagle processor, as IBM calls it, can process 127 qubits, whereas a traditional computer can only process 100 qubits.
Malware
- A new mobile malware affecting Android devices, dubbed SharkBot, is targeting European banks and cryptocurrency services. SharkBot performs ATS attacks inside an infected device, which enables attackers to auto-fill fields in mobile banking apps.
Internet of Things
- Smart home device manufacturers such as Google, Apple, Samsung and Amazon have come together on an industry standard: Matter. In early November, Amazon announced support of Matter for Echo and Eero devices. The Matter standard would help ensure interoperability between different devices and ecosystems, but also needs to consider the security of those connections.
- Awareness of a new iPhone hack where AirPods can be used as a remote listening device spread quickly via TikTok. iPhone users can set their phone to “listening” mode, leave it in another room, and pick up sound via Bluetooth headphones. Thus, people were warned to be careful of their conversations around unattended iPhones.
PKI
- The PKI Consortium is developing an open-source global list of Trust Lists. Trust Lists are used by applications to know whether or not to trust a certificate and its issuer. This global list will be open to any region, purpose, size or industry.
- A new tool, Driftwood, was released this month that allows organizations to discover leaked paired private and public keys.