At a glance.
- Spoofing vulnerability discovered in Windows CryptoAPI.
- Python-based malware distributed via phishing.
- macOS may have a reputation for threat-resistance, but users shouldn't get cocky.
- DevSecOps survey results show tension between innovation and security.
- Russian hacktivist auxiliaries hit German targets.
- Private sector support for Ukraine's cyber defense.
- CISA issues two ICS advisories.
Spoofing vulnerability discovered in Windows CryptoAPI.
Akamai this morning released research detailing its analysis of a critical spoofing vulnerability, CVE-2022-34689, affecting Windows CryptoAPI. The vulnerability lets a malicious actor impersonate a genuine entity: according to Microsoft, attackers can “spoof their identity and perform actions such as authentication or code signing as the targeted certificate.” CryptoAPI is the primary Windows API for handling cryptography, particularly certificates. Akamai says exploitation has two primary steps. In the first, malicious actors take a “legitimate certificate, modify it, and serve the modified version to the victim,” researchers explain. “The second phase involves creating a new certificate whose MD5 collides with the modified legitimate certificate, and using the new certificate to spoof the identity of the original certificate’s subject.” The vulnerability, although rated critical, was given a CVSS score of only 7.5. Researchers attribute that rating to “the limited scope of vulnerable applications and Windows components in which the vulnerability prerequisites are met.” For more on the CryptoAPI vulnerability, see CyberWire Pro.