HorseDeal Riding on The Curveball!

Credit to Author: Jayesh kulkarni| Date: Wed, 05 Feb 2020 06:17:49 +0000

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could…

Read more

NSA and Github ‘rickrolled’ using Windows CryptoAPI bug

Credit to Author: Paul Ducklin| Date: Thu, 16 Jan 2020 17:42:09 +0000

We said, “Assume that someone will find out how to do it pretty soon,” and that’s exactly what happened.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/XhJpjHyVCqc” height=”1″ width=”1″ alt=””/>

Read more

Patch Tuesday, January 2020 Edition

Credit to Author: BrianKrebs| Date: Wed, 15 Jan 2020 02:31:50 +0000

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates.

Read more