Here is our latest news roundup of articles about network and TLS/SSL security.
TLS news
- released security predictions for 2022, including predictions about what’s in store for ransomware, post-quantum computing, automation, VMCs and more.
- Earlier this month, published a report analyzing TLS certificates that shows companies need to be aware of information in domain names, otherwise they can become “a looking glass into the organization.”
- Microsoft Windows 11 users experienced some failures The certificate expired on Oct. 31, 2021, and affected features like the snipping tool, start menu, touch keyboard and more. and suggested workarounds and continues to update users on the situation.
Data breaches
- Robinhood, a U.S. trading platform, was breached due to aimed at customer support. Attackers were able to access the names of 2 million customers and additional data on some clients. However, according to a Robinhood statement, there were no customer financial losses.
- Over by a breach at GoDaddy. The attacker gained access through a compromised password and Additionally, it appears that usernames and passwords were easily exposed because they were
- Personal data of nearly was leaked from a hotel booking site, RedDoorz. RedDoorz’s website operator, Commeasure, was fined $74,000 as a result.
Vulnerabilities
- After Microsoft failed to correctly patch a flaw, Microsoft is aware and has labeled the vulnerability a medium threat but didn’t give a timeline for releasing a fix.
- The as forged certificates for Mickey Mouse, Sponge Bob and even Adolf Hitler were generated and recognized as valid. The EU is currently investigating the leak to contain it and prevent any future misuse.
Government regulation
- The that would better protect consumer IoT devices from hackers and proposed heavy fines of up to £10m (or 4% of global turnover). The proposed requirements include banning universal default passwords, forcing firms to be transparent about how they are fixing security flaws and creating a reporting system for discovered vulnerabilities.
- The announced that they will launch an office dedicated to zero trust to hasten the adoption of a zero-trust architecture. This comes in response to the 2020 attack and the recent which calls for government agencies to move towards a zero-trust architecture.
Quantum Computing
- IBM announced a creating a quantum processor that can process information that a traditional computer cannot. The Eagle processor, as IBM calls it, can whereas a traditional computer can only process 100 qubits.
Malware
- A new dubbed SharkBot, is targeting European banks and cryptocurrency services. SharkBot performs ATS attacks inside an infected device which enables attackers to auto-fill fields in mobile banking apps.
Internet of Things
- Smart home device manufacturers such as Google, Apple, Samsung and Amazon have come together on an industry standard: In early November, announced support of Matter for Echo and Eero devices. The Matter standard would help ensure interoperability between different devices and ecosystems, but also needs to consider the security of those connections.
- Awareness of a new iPhone hack where spread quickly via TikTok. iPhone users can set their phone to “listening” mode, leave it in another room, and pick up sound via Bluetooth headphones. Thus, people were warned to be careful of their conversations around unattended iPhones.
PKI
- The is developing an open-source global list of Trust Lists. Trust Lists are used by applications to know whether or not to trust a certificate and its issuer. This will be open to any region, purpose, size or industry.
- A new tool, Driftwood, was released this month that allows organizations to