Additionally, the S/MIME working group is developing a new set of Baseline Requirements and a rough draft was discussed at this month’s CA/B Forum. However, the requirements likely will take time to adopt, and will go into effect in the next year or two.
The NSA warned organizations of a new risk in wildcard certificates named ALPACA. The NSA recommended that organizations inventory the current scope of wildcard certificates in use and, going forward, limit the use of wildcard certificates to avoid this type of attack.
Facebook, WhatsApp and Instagram were down for about six hours on Oct. 4 due to “an internal technical issue.” The issue took longer than usual to resolve because it affected the company’s internal systems, preventing employees from accessing the building and company networks. Facebook issued a statement apologizing and reassuring users that there was no evidence that user data was compromised as a result.
A hacker accessed a government ID database for the entire population of Argentina, including celebrities and sports starts like Lionel Messi. The hacker plans to sell and leak the stolen ID card details to any interested buyers. The breach affects over 45 million people and was likely achieved through a compromised VPN account.
A former Microsoft security analyst claims that OneDrive and Office365 have been hosting malware for years. A Microsoft spokesperson responded to the story, saying: "Abuse of cloud storage is an industry-wide issue and we're constantly working to reduce the use of Microsoft services to cause harm. We are investigating further improvements to prevent and rapidly respond to the types of abuse listed in this report."
Apple criticized EU draft rules that would allow users to install software from outside the Apple App Store, claiming it could lead to increased malware. However, the Coalition for App Fairness claims that security measures like encryption and anti-virus programs provide device security, not the App Store.