Here is our latest roundup of news about digital security in our connected world.
TV News
- TV welcomes Dr. Amit Sinha as CEO and member of the TV Board of Directors. Sinha brings over 20 years of technology, strategy and operational experience from Zscaler, Motorola, AirDefense and Engim. Sinha’s leadership will ensure the right focus and strategy to help TV define digital trust for the real world and continue to accelerate its leadership in digital trust.
TLS/SSL
- The OpenSSL project announced a vulnerability that was first identified as critical severity but later downgraded to high severity. This can be remedied with an update to OpenSSL 3.0.7 and will not require certificate replacement.
- Public certificates obtained through will now be issued from one of the multiple intermediate certificate authorities that Amazon manages. While most customers won’t notice the change, it will help to create a more resilient certificate infrastructure that will allow Amazon to respond more quickly.
- Microsoft has fixed an issue that triggered on client and server platforms that were caused by security updates earlier in the month.
IoT
- The Connectivity Standards Alliance (CSA) released on October 4th and TV’s Root Certificate Authority (CA) became by the CSA for Matter device attestation, allowing for rapid time to market for smart home manufacturers and automatic security for customers.
Quantum
- TV will be working with Canadian-based company ISARA to ensure ongoing digital trust. ISARA, the world’s leading provider of quantum-safe security solutions, announced that it is to the public. These hybrid certificates combine traditional digital certificates with additional quantum-safe components.
- Mastercard has launched a new contactless credit card intended to be . These cards follow new industry standards from EMVco and involve the use of longer key lengths, while still being compatible with existing payment hardware.
Government standards
- The White House hosted a meeting with tech industry leaders this month to create a , planned to launch Spring 2023. This security “nutrition label” will help consumers easily access information about their smart devices, such as vulnerability and interoperability with other products.
- The U.S. Department of Commerce has appointed 16 experts to a new . This advisory board will lend expertise to the federal working group regarding matters of IoT federal regulations, IoT benefits to the United States, IoT opportunities regarding small businesses and IoT international opportunities.
Malware
- Guardio Labs reported that a infected over a million PCs. This malware injected advertising into standard pages and appended affiliate links to popular shopping websites, making it so these developers can also receive profit. These compromised extensions have been removed, but users should continue to be careful and keep an active anti-virus running.
- remains active, as it scans networks for open and poorly secured VNC and RDP remote-desktop services. Once in, the malware can collect shoppers' payment card information from the compromised terminals. So far, there’s $3.3 million worth of credit card numbers stolen.
Data breaches
- Some of Australia’s biggest companies have that put millions of Australians at risk. Personal data from Optus, Telstra, Medibank and Woolworths has been compromised, which raises questions of how the Australian government should intervene going forward.
- International ticket selling company since June 2019, when online attackers set up a skimmer on its site. This cyberattack was first noticed in April of 2021 but was not successfully removed until January 2022. The exact number of people affected is unknown.
Ransomware
- Tata Power Energy Company, India's largest integrated power company, fell victim to a . While the Hive RaaS has claimed responsibility, Tata Power’s likely refusal to pay a ransom has resulted in the stolen data being published.
Vulnerabilities
- Meta Platforms announced that it would be notifying about a million after they identified more than 400 malicious Android and iOS apps scamming users to share their login information. Apple and Google have both removed the apps, and Meta says it will be sharing tips to help potential victims avoid compromising their credentials with problematic apps.
- Organizations are being warned of a that may allow hackers to figure out the encrypted contents. Currently, there is not a known solution to the issue.
General security
- This year’s U.S. National Cybersecurity Awareness Month was centered on the humans behind the devices and screens. As we seek to maintain digital trust, it is crucial that individuals increase their personal digital security by seeing themselves in cyber and acting to better their cybersecurity habits. The CISA recommends thinking before you click, updating your software, using strong passwords, and enabling multi-factor authentication.