Here is our latest news roundup of articles about network and TLS/SSL security. Click here to see the whole series.

TLS news

• TLS certificates issued within the past three months from Let’s Encrypt may need to be revoked because of a bug. This revocation could impact millions of certificates. Read more about what happens when certificates must be revoked and why in our Guide to TLS Certificate Revocations.

Data security

• Google Drive released warning banners in January that warn users of suspicious files that could be phishing or malware.

Data breaches

• In 2021, data breaches reached a record high, rising 68% from previous years. The Identity Theft Resource Center reported 1,862 data breaches in 2021, significantly higher than the previous record of 1,506 in 2017. Furthermore, the report found that ransomware attacks have doubled in the past two years and warns that both individuals and businesses are at risk.

Vulnerabilities

• A flaw that Microsoft fixed almost a decade ago is still being used by hackers, recently affecting over 2,000 victims in over 100 different countries. Hackers use the nine-year-old flaw to plant malware, dubbed ZLoader, onto devices by modifying a dynamic-link library (DLL) file that is digitally signed by Microsoft.
• Researchers warned that a flaw in all major Linux systems could be exploited to gain access to full root privileges.

Ransomware

• Hacktivists claimed to have infected the Belarus rail system with ransomware to stop Russia from advancing into the country. On Twitter, they announced that they would only offer the decryption key if Belarus President Alexander Lukashenko agreed to stop aiding Russian troops and released political prisoners in need of medical assistance. This attack is the first of its kind to be used in this way.

Quantum computing

• Researchers from the University of Sussex, UK, have found that cryptocurrencies like bitcoin are a long way away from being at risk to quantum attacks. Quantum computers would need to be 1 million times larger than they currently are to break the cryptographic algorithm that secures bitcoin, which could take a decade to become a reality, according to the researchers.

Government regulation

• The U.S. White House held a meeting of both government and private stakeholders in January to discuss ways to improve the security of open source software. Proposed plans include integrating security into development tools and using best practices like code signing, strong digital identities and informing the public of what is in the software they purchase and use. This is one of many discussions that have taken place since President Biden made software security a national priority.
• Britain launched its first ever Government Cyber Security Strategy. This will make it easier for the public to report cyber vulnerabilities and attacks and includes investments into protecting Britain’s public services from cyber threats.