Here is our latest roundup of news about digital security in our connected world. Click here to see the whole series.

DigiCert news

• DigiCert acquired DNS Made Easy, a provider of managed Domain Name System (DNS) services for enterprises. This expands DigiCert’s digital trust portfolio and will enable DigiCert to offer a seamless approach to certificate lifecycle management.
• DigiCert announced support for the Matter protocol, the first effort to provide a standard for secure, reliable interoperability for smart home devices, mobile apps and cloud services. DigiCert was invited as the global leader in digital trust to help develop the PKI specification for the Matter protocol, and as the time approaches for manufacturers to adopt the standard, DigiCert offers support to manufactures to become matter compliant.

Browser

• Microsoft retired Internet Explorer June 15. Internet Explorer had been functioning for about 27 years and Microsoft is retiring it in favor of the newer Microsoft Edge. If users are still going to Internet Explorer, Microsoft plans to temporarily redirect them to Microsoft Edge.

TLS/SSL

• A failure to renew a certificate led to an eight-hour podcast outage for shows hosted by Megaphone. The outage left users without access to Megaphone CMS or the ability to download from Megaphone-hosted publishers. Megaphone hosts some of the top podcasts in the industry and is owned by Spotify.
• Another unrenewed certificate caused an outage for users of insider.windows.com. The Windows Insider software testing program webpage was down June 9 for a few hours.

Malware

• A highly sophisticated malware, ZuoRAT, was discovered on routers in North America and Europe that appears to come from advanced hackers, possibly by a nation-state actor. Researchers say the malware could give the hackers full control of connected devices using Windows, macOS and Linux, and is probably part of a broader campaign that has gone since Q4 2020.

Vulnerabilities

• A new vulnerability found in smart hot tubs left personal data, like names and email addresses, of owners exposed. The SmartTubs allow owners to remotely manage them (control water temperature, switch on and off lights or jets) with an app. Researchers say that hackers could potentially control these features as well.
• The data of over 460,000 people was at risk after an unnamed employee in Amagasaki, Japan, lost a flash drive containing information on the entire city’s population on a night out. The man lost the flash drive after carrying it home from work and on his night out, discovered his bag containing the drive was gone. The city government issued a reminder to get permission before taking sensitive data out of the office.

Data breaches

• The California Department of Justice accidentally leaked gun owners' information, including names, ages, addresses and more. The information was easily downloadable on the Firearms Dashboard Portal on their website. The data was available for under 24 hours, and included information on hundreds of thousands of gun owners in California.
• Several malicious Python libraries were caught stealing AWS credentials and network information and transferring them to a remote endpoint. Unfortunately, the endpoints stored this information in .TXT files with no authentication, leaving them open to anyone on the web.