Here is our latest roundup of news about digital security in our connected world. Click here to see the whole series.
IoT
- Matter 1.0 has with the CSA (Alliance) announcing its release on Oct. 4. Matter has been a multi-year project bringing together all of the biggest names in smart home manufacturing, including Apple, Google, Samsung and more to create a reliable, secure way for devices by different manufacturers to interoperate. TV has been highly involved in Matter, and can help manufacturers achieve compliance with device attestation.
- As the first Matter-approved root CA, also known as a Product Attestation Authority (PAA), TV can now provide rapid time to market for smart home manufacturers looking to earn the Matter seal on their products. Learn more here.
VMC
Browsers
- in a blog post in September. Previously, Chrome relied on the Root store on the platform it was running, but with this new move Chrome will have a consistent, more secure, root across all platforms with minimum requirements for all Cas to be trusted in their Root program. We covered the Chrome Root program and its requirements in more detail in our June recap of the CA/Brower Forum: /blog/ca-browser-forum-recap-june-2022.
Government standards
- The final language for the revision of an which will now be voted on. If approved, the EU Commission will have a universal, cross-border digital ID and by September 2023 every EU member state must have a digital ID wallet available. That means that as soon as next year, the EU digital wallets will be in use.
- that malicious actors may attempt spreading false information, phishing and more to disrupt the 2022 midterm elections. Read more about how to secure voter data and avoid phishing during elections at /blog/election-security-secure-voter-data-and-avoid-phishing.
- The White House released a blueprint for an including five principles to “guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence.” The principles include safe and effective systems, algorithmic discrimination protections, data privacy, notice and explanation and human alternatives and fallbacks.
- requiring software firms to meet NIST security standards and Additionally, the NSA, CISA and ODNI released and promise to for suppliers and customers.
- that the new data protection law will enter into effect on Sept. 1, 2023. The Data Protection Act (DSG) is designed to ensure that Switzerland maintains a high level of data privacy compatible with EU regulation for cross-border data transmission to continue without additional requirements.
Malware
- is infecting thousands of PCs with fake updates. Additionally, malware has been found in Minecraft cheat programs that claim to help gamers take shortcuts to success, which has affected thousands of users. Other games have also experienced malware threats, including FIFA, Roblox, Far Cry and Call of Duty.
- Attackers have put malicious code encoded in GIFs that can be used to steal data, which they then share on Microsoft Teams. The flaw has not yet been fixed, so for now users should think twice before opening GIFs shared in Teams.
- malware from hackers backed by the North Korean government. Several organizations were compromised from installing these apps. that the threat group ZINC added malware to legitimate open-source apps like PuTTY and has had several victims since June 2022.
Data breaches
- where U.S. customer data was exposed online. The breach occurred the company confirmed the incident in in early September, assuring customers that social security numbers and credit card numbers were not exposed but that contact and demographic information were exposed.
- caused by a social engineering attack affected all of their internal systems, including Slack, where the attacker posted a company-wide message. However, The attack was compared to Uber’s major 2016 breach, for which
Outages
- Zoom experienced a significant, but brief, outage on Sept. 15. The global outage prevented users from starting and joining meetings for about an hour. Zoom did not express the cause, publishing on their only that “We have identified the issue starting and joining meetings. We will continue to investigate and provide updates as we have them.”
Quantum
- a refrigeration system which can cool to temperatures colder than outer space to hold future quantum computers. In a IBM says their “super-fridge” could cool future quantum experiments and could hold up to 1.7 cubic meters worth of volume. Intel recently announced the which is designed to help developers learn how to program quantum algorithms. The SDK is available now in beta through Intel Developer Cloud.
Ransomware
- in early September, leading to a response from local officials, the FBI and Department of Homeland Security. Up to 400,000 students were impacted with potential data exposed, including personal information, disciplinary records and assessments. The LA School District, the second largest district in the country, required all students to reset their passwords. Additionally, following the breach the that the education sector is highly at-risk of attacks by ransomware by attack group Vice Society.
Vulnerabilities
- in mid-September to fix vulnerabilities in iPhone, iPad and Mac systems that were actively exploited. The patches were released for all iPhone 6 and later, all iPad Pro models, iPad Air 2 and later, and iPod touch 7 and later.
- Australia’s commemorative The limited-edition coin marks the 75th anniversary of the Australian Signals Directorate (ASD) and had four levels of encryption. Now the ASD is hoping to recruit the boy who cracked their encryption.