Here is our latest roundup of news about digital security in our connected world. Click here  to see the whole series.

DigiCert news

• DigiCert announced the expansion of its certificate management platform, DigiCert^® Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS Private CA, as well as integration with ServiceNow to support existing IT service workflows. DigiCert Trust Lifecycle Manager additionally supports enrollment to a broad range of Microsoft and AWS technologies, providing organizations a unified approach to managing public and private trust for use cases such as biometric authentication, device authentication, WiFi/VPN provisioning, cloud workloads and infrastructure management.

S/MIME

• As a reminder, new S/MIME Baseline Requirements go into effect on Sept. 1. Earlier this year, DigiCert released a new certificate linter, pkilint, which automates compliance testing for the new requirements. Last month, DigiCert also released added support on pkilint for the new CA/B Forum TLS certificate profiles ballot, which goes into effect on Sept. 15. To check if your S/MIME certificate is compliant against the new Baseline Requirements and 150 other potential errors, access pkilint at https://www.digicert.com/smime-certificate-linter. 

Quantum

• In a significant milestone after a seven-year process, the National Institute of Standards and Technology (NIST) has released draft standards for quantum-safe algorithms for public comment, after which the final standards will be available early next year. The draft standards for CRYSTALS-KYBER, CRYSTALS-DILITHIUM and SPHINCS+ signal a need for companies to begin now taking steps to implement these quantum-safe algorithms once standardized. DigiCert has been working with NIST and the Internet Engineering Task Force (IETF) on quantum-safe standards and recommends that companies take two steps now to prepare for quantum threats: inventory all cryptographic assets and achieve crypto-agility.
• For the first time, scientists at the University of Sydney have employed a quantum computer to engineer and observe a crucial chemical reaction process by slowing it down by a factor of 100 billion times. This breakthrough could lead to significant advancements in fields like materials science, drug design and solar energy harvesting.
• Google is introducing a hybrid key encapsulation mechanism (KEM) in Chrome 116 to protect the sharing of symmetric encryption secrets during the establishment of secure TLS network connections. This mechanism, named X25519Kyber768, combines X25519, an elliptic curve algorithm used in secure TLS connections, and Kyber-768, a quantum-resistant KEM. While quantum computers might still be some years off, adding post-quantum encryption to current connections diminishes the threat of harvest now, decrypt later, which is becoming a more common strategy from attackers who collect encrypted data now intending to decrypt it later with quantum computers.

Artificial Intelligence (AI)

• A coalition of industry leaders including Adobe, Microsoft and DigiCert created the Coalition for Content Provenance and Authenticity (C2PA), an open standard aimed at addressing the issue of identifying and authenticating digital files. C2PA uses public key infrastructure (PKI) to provide a tamper-evident record, allowing users to differentiate between real and fake media. This specification enables users to determine the origin of a digital file, including who created it, when and where it was created, and any changes made to it. The standard is intended to create transparency and authenticity for digital media files, particularly in a time when AI-generated content is becoming harder to distinguish from reality.
• The DEF CON hacking conference in Las Vegas explored the role of AI in cybersecurity. The Pentagon expressed skepticism about generative AI's accuracy, urging the industry to be more rigorous in defining AI models' capabilities. The cybersecurity industry sees potential in incorporating AI to improve incident investigation and report drafting. The conference demonstrated how educating policymakers through AI demos can enhance AI understanding and development.
• Google's AI arm, DeepMind, is testing a digital watermark called SynthID to identify images created by artificial intelligence (AI), aiming to combat disinformation. SynthID embeds invisible changes to individual pixels in images, making watermarks detectable by computers but invisible to the human eye. Unlike traditional watermarks, DeepMind's system remains identifiable even after cropping or editing.
• British officials from the National Cyber Security Centre (NCSC) have issued warnings about the integration of AI-driven chatbots into businesses, stating that these large language models (LLMs) can be manipulated into performing harmful actions. The NCSC highlighted that researchers have found ways to subvert chatbots by feeding them rogue commands or bypassing their built-in safeguards. The risks are particularly significant when these models are connected to other elements of an organization's business processes, potentially leading to unauthorized transactions or other security breaches.

Vulnerabilities

• Researchers from Italy and the UK have identified four  critical vulnerabilities in TP-Link's L530E smart bulb and its Tapo app, which could potentially allow hackers to gain access to users' Wi-Fi networks and steal their Wi-Fi passwords. The weaknesses include lack of proper authentication during session key exchange, predictable cryptographic schemes and lack of appropriate checks for message authenticity. TP-Link has released a new firmware and app update to address these vulnerabilities, urging users to update their devices promptly.

Data breaches

• Three bankrupt cryptocurrency companies, FTX, BlockFi and Genesis, have experienced data breaches following a  SIM swapping attack targeting financial advisory firm Kroll. The attacker transferred an employee's T-Mobile phone number to a SIM card, allowing access to personal information of bankruptcy claimants in the cases of the three cryptocurrency firms. Kroll has taken action to secure the affected accounts and is cooperating with the FBI for an investigation.
• The London  Metropolitan Police Service (MPS) is investigating a potential data breach resulting from unauthorized access to the systems of one of its suppliers, which had access to sensitive information including names, ranks, photos, vetting levels and pay numbers of officers and staff. The MPS has taken security measures in response and this incident follows recent data breaches in other police organizations, such as the Police Service of Northern Ireland (PSNI) and the Norfolk and Suffolk police constabularies, raising concerns about the potential misuse of compromised information and its impact on officer safety and security.

Malware

• A ransomware attack on Prospect Medical Holdings of Los Angeles has led to the closure of emergency rooms in multiple states and the redirection of ambulance services. The healthcare provider experienced a data security incident that prompted the shutdown of its computer systems. The company is working with third-party cybersecurity experts to investigate the breach and restore normal operations, while the FBI has also launched an investigation. The incident highlights the ongoing vulnerability of the healthcare industry to cyberattacks, with hospitals often needing to rely on paper systems during recovery.
• Hackers have been using a valid code-signing certificate owned by a VPN provider to target victims. This certificate allows the hackers to bypass security measures, avoid raising suspicions and blend in with legitimate software. The same certificate was used to sign the official Ivacy VPN installer, raising concerns about the extent of the breach and potential access the hackers had to sensitive user data.
• A new Android banking malware named MMRat has been discovered. The malware is distributed through websites posing as official app stores, and once installed, it abuses Android's Accessibility Service to gain permissions for malicious actions like real-time bank fraud, capturing user input, screen content, camera data and more. Android users are advised to download apps only from reputable sources and be cautious while granting permissions during installation.
• Hackers are employing a new attack method called "MalDoc in PDF," discovered by Japan’s computer emergency response team (JPCERT), to spread malware while evading security software. The attack involves a VBS macro in the PDFs to download and install malware when opened in Microsoft Office, relying on enabled macros. Users are advised to exercise caution when opening files, especially from unfamiliar sources, and use strong antivirus software to detect such threats.