Latest News in Digital Trust – January 2023

Digital Trust News Roundup – January 2023 

This is our latest roundup of news about digital security in our connected world. Click here to see the whole series. 

12 news stories you should know about from the last month: 

1. GoTo (owner of LastPass) suffered a data breach, with hackers stealing customer backups and the company's encryption key. The investigation is still underway, but meanwhile, customers are advised to reset all their passwords stored in LastPass. 
2. Researchers claim they can break RSA encryption using a quantum computer, but current RSA algorithms with 2048-bit key size are far from being broken.  
3. A joint advisory by CISA, NSA, and MS-ISAC warns of cyber attackers targeting federal agencies using legitimate remote management systems. Organizations should ensure the security of these systems to prevent breaches and cyberattacks. 
4. GitHub reports an unauthorized user stealing three code signing certificates, which were revoked on Feb. 2. Here’s how to prevent it from happening to you.  
5. The EU fines Meta $400 million for violating privacy laws by collecting and processing EU citizens' data without proper consent. This emphasizes the significance of properly handling personal data to protect privacy. 
6. IoT security is evolving, but experts warn it has not kept up with the threats, as the estimated number of IoT devices in the world that could be easily hacked has now passed 17 billion.  
7. Europol shuts down a multi-million dollar cryptocurrency scam involving individuals posing as trading companies. 
8. Fortinet releases an autopsy report on a critical vulnerability in its SSL-VPN that allowed remote execution of malicious code. The vulnerability was fixed in version 7.2.3. 
9. Okta's source code was stolen after hackers gained access to its GitHub repositories. The company has since secured its repositories and implemented additional security measures. 
10. 235 million Twitter users' email addresses and handles were published in a massive data leak. The cause is under investigation. 
11. A Microsoft Cloud outage affected users around the world. The outage affected Outlook and Teams and Microsoft claims it was caused by a change it made to its “Wide Area Network” which is now resolved.   
12. An outage caused by an FAA system failure left thousands of flights in the United States delayed. The failure was caused by a damaged data file that personnel were responsible for corrupting, likely by two contractors who failed to follow government procedures.  

Bonus news:  DigiCert introduced Trust Lifecycle Manager, a full-stack digital trust solution for unified CA-agnostic certificate management and PKI services. If you haven’t already, check it out.  

Subscribe for our monthly updates in digital security and privacy.