Here is our latest roundup of news about digital security in our connected world. Click here  to see the whole series.

DigiCert news

• DigiCert has partnered with ReversingLabs, a leading software supply chain security company, to strengthen software security. This collaboration will merge ReversingLabs' advanced binary analysis and threat detection capabilities with DigiCert's secure code signing solution. Customers can benefit from enhanced software integrity by identifying and eliminating known threats such as malware, software implants, tampering and exposed secrets before securely signing their software.
   

• In response to the compliance challenges faced by companies regarding the recent CA/Browser (CA/B) Forum requirements, which mandate the storage of code signing private keys in FIPS 140-2 compliant hardware, DigiCert has introduced a solution called DigiCert KeyLocker. This new capability delivers strong key protection for code signing private keys in a cloud delivered service that meets CA/B Forum requirements. KeyLocker provides secure key storage, key generation and signing without the constraints of a physical token. 

Data breaches

• British Airways, Boots and the BBC were among the organizations affected by a major data breach originating from their payroll provider, Zellis, which was targeted through the use of the MOVEit file transfer software. Tens of thousands of employees had their personal data exposed. The Russian group of cybercriminals responsible for the hacks, known as "Lace Tempest" or the cl0p team, confirmed their involvement and threatened to name non-paying victims on their website. This is just the latest example of a software supply chain attack and should be a wake-up call for all software vendors that they and their customers are vulnerable. This demonstrates why organizations need a management solution, like DigiCert^® Software Trust Manager, that can give them visibility into their software.  
   

• In February, Reddit experienced a hack in which hackers gained access to 80GB of internal data through a phishing campaign. The ransomware group responsible for the attack, known as BlackCat, is now demanding a $4.5 million ransom and policy changes from Reddit. In addition to the ransom, BlackCat demands that Reddit reverses its planned API pricing changes, which recently faced backlash from users and moderators. Reddit confirmed the phishing attack earlier this year and stated that user data that was not already public had not been compromised.

Artificial Intelligence (AI)

• A survey conducted by Malwarebytes has found that 81% of respondents are concerned about the security risks associated with ChatGPT and generative AI. The survey collected responses from 1,449 individuals, with 51% questioning whether AI tools can improve internet safety and 63% expressing distrust in information generated by ChatGPT. Only 7% of participants agreed that ChatGPT and other AI tools will enhance internet safety. 
   

• The RSA 2023 conference highlighted the growing significance of AI in cybersecurity. AI's analytical capabilities benefit both attackers and defenders, with defenders utilizing AI to enhance their threat detection and system security. AI allows for faster and more extensive analysis of systems, freeing up human resources to focus on critical alerts. However, AI lacks human creativity and can only replicate what it has learned. Experts believe that AI will play a crucial role in cybersecurity defense, helping with data analysis and imposing restrictions on entitlements. 

Quantum

• Google claims to have achieved "quantum supremacy" with a new quantum computer that can perform calculations in an instant, which would take the best classical supercomputers 47 years to complete. In 2019, Google made a similar claim, but it was met with skepticism from competitors like IBM. However, the tech giant now says it has developed a more powerful quantum computer that surpasses classical machines. For more information about the impact of quantum computers, read our blog series on quantum.
   

• Microsoft has announced plans to build a quantum supercomputer after researchers predicted that quantum computers will surpass standard computers within the next two years. Microsoft claims to have made a breakthrough by engineering a stable type of qubit, a fundamental unit of quantum computing, which will enable the construction of a quantum supercomputer capable of performing one million quantum operations per second. The company aims to complete the construction within the next decade and revolutionize scientific discoveries and problem-solving.

Standards & regulation

• DigiCert attended the CA/B Forum meeting in June, and the key discussions centered on automation. Automation is seen as beneficial for simplifying processes and increasing security, with Chrome proposing shorter certificate validity and new validation processes, for which no final decision has been made and Chrome is currently seeking feedback. DigiCert also proposed a new Ballot SMC03 for clarifications and corrections to the forum’s S/MIME Baseline Requirements (BRs). Among other things, the ballot clarifies the roles and responsibilities for Enterprise RAs and provides a transition plan for existing issuing CAs. In addition, DigiCert worked with ETSI's Electronic Signature & Infrastructures group to develop ETSI TS 119 411-6, which introduces the S/MIME BRs to ETSI audit regimes. The next CA/B Forum meeting will be hosted by GlobalSign in October.
   

• The European Commission has sent a Statement of Objections to Google, alleging that the company violated EU antitrust rules by distorting competition in the online advertising technology industry. The commission's preliminary view is that Google favored its own online display advertising technology services over competing providers, to the detriment of advertisers, publishers and other advertising technology services. The commission considers that a behavioral remedy would be ineffective and suggests that divestment by Google of part of its services may be necessary.  
   

• The European Council and Parliament have reached a provisional political agreement on a new framework for a European digital identity (eID). The agreement aims to provide secure and seamless access to cross-border public and private services in the EU. The framework includes the concept of a European digital identity wallet, which will serve as a universal means of electronic identification and authentication. The wallet will be issued under national schemes and must meet a high level of trust and assurance. 

Vulnerabilities

• More than 200,000 WordPress websites are at risk of ongoing attacks due to a critical vulnerability in the Ultimate Member plugin. The flaw, identified as CVE-2023-3460, allows attackers to create new user accounts with administrative privileges, granting them complete control over affected sites. The issue stems from a conflict between the plugin's blocklist logic and the way WordPress handles metadata keys. The plugin's maintainers have attempted to address the issue in recent versions, but site owners are advised to disable the Ultimate Member plugin and audit their administrator roles to identify any rogue accounts.
   

• Security researchers have discovered a vulnerability in Microsoft Teams that could allow attackers to deliver malware directly to employees' inboxes. The bug exploits Microsoft's default configuration, which allows users from outside the organization to contact staff members. By exploiting this vulnerability, attackers can bypass security controls and send a malicious payload that appears as a file for download. While the researchers have notified Microsoft, the company has stated that the vulnerability does not require immediate action. In the meantime, organizations are advised to restrict external tenant access, adjust security settings, and educate employees about the potential for social engineering attacks via productivity apps like Teams.

Malware

• Security vendor Checkpoint has discovered that malware originally intended to spread via USB drives is unintentionally infecting networked storage devices. If installed, the malware opens a backdoor in an attempt to exfiltrate data. The malware, attributed to a group called Camaro Dragon, is believed to be primarily targeting Asian victims and contains features designed to evade detection by popular Asian antivirus solutions. The malware has, however, been detected in several countries, including Myanmar, South Korea, Great Britain, India and Russia.  
   

• A trojanized installer for the Super Mario 3: Mario Forever game for Windows has been discovered to infect users' computers with multiple malwares. It is likely distributed through gaming forums, social media groups or via malvertising. The installer contains three executables, one of which installs the legitimate game while the other two discreetly install a Monero miner and a SupremeBot mining client onto the victim's AppData directory. Users are advised to scan their computers for malware, reset passwords at sensitive sites and ultimately download software from official sources.