News 03-03-2022

Latest News In TLS/SSL: February 2022

Here is our latest news roundup of articles about network and TLS/SSL security. Click here to see the whole series.

The Russian invasion – what’s happening in cybersecurity

  • In what experts are calling a parallel cyberwar, Russia has also been . On the day of Russia’s first ground attack on Ukraine, an affecting computers at a Ukrainian bank and Ukrainian government agencies.
  • As this is likely to be the first among more attacks, the U.S. have advised that both public and private organizations implement “shields” to protect against potential Russian cyberattacks, including malware.

Data breaches

  • Nearly were stolen in just three hours in an apparent phishing attack. The attack targeted OpenSea users using a vulnerability in the open-source standard underlying most NFT smart contracts. The attackers were able to use valid digital signatures in partially complete contracts but transfer the contract to their own wallets. One explanation describes it as essentially stealing blank checks.
  • The Internet Society, a nonprofit that aims to keep the internet open and secure, experienced a data . The society claims a third-party vendor is responsible for the breach, which left data exposed for at least a month.

Vulnerabilities

  • According to cybersecurity researchers at Proofpoint, (MFA), including using phishing kits. allow attackers to harvest and use credentials and are typically inexpensive. Newer kits enable hackers to steal not only usernames and passwords but also MFA tokens and more.
  • Another tactic hackers have been using to bypass MFA is “,” which involve bombarding the victim with MFA push notifications until they accept one, accidentally or not. Of course, attackers must first have the victim’s credentials, but those are becoming easier for attackers to steal.

Government regulation

  • The EU European Commission has published the outline of the architecture and reference . This is the first step in the toolkit that is expected to be released this summer.
  • The specializing in blockchain analysis and virtual asset seizure. The announcement comes after the largest virtual asset seizure to date, with the FBI charging a New York couple with laundering over $4.5 billion in bitcoin.

Outages

  • An outage left for several hours Feb. 22. to “a change [they] implemented.”

Quantum computing

  • detailed their current efforts to become post-quantum safe, including identifying parts of their network that are vulnerable to prepare for NIST recommendations. The company notes, “It’s important to be proactive about this.”

Malware

  • A new targeting cryptocurrency wallets can steal private keys, in addition to usernames, domain and computer names, the machine ID, and even installed software and which version. “,” as it is dubbed, uses the wallets’ browser extensions and can get through security features such as two-factor authentication with a grabber function.
  • Hackers are also to trick victims into downloading malware that allows the attackers to hijack devices and webcams. The attackers used a “peculiar-looking Excel spreadsheet” that reportedly contained information about NFTs to spread BitRAT malware by getting unsuspecting victims to download the file to their computers.
  • Researchers discovered this month that hackers have been distributing malware via , using the platform to . Hackers were gaining access to user’s emails to use Teams and share files embedded with malware.

Internet of Things

  • NIST, the U.S. National Institute of Standards and Technology, . Similar to nutrition labels, these labels would give consumers more information about their purchase, specifically in regard to the privacy and security of the device or software. , including Singapore and Finland, have already discussed or implemented similar security label systems.
UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-11-2024

FIPS 140-3 certification unlocked for TrustCore SDK

10-31-2024

Announcing the GA release of Device Trust Manager