We have become aware of the following security alerts and would like to share them with our defence customers.
Iranian Cyber Threat
A threat to critical infrastructure in light of the current tensions between Iran and the United States. Iran is known to have used cyber offensive activities in the past to attack its adversaries.
As a result, it is recommended that you:
- Adopt a state of heightened awareness
- Increase your organisational vigilance
- Confirm incident reporting processes
- Exercise organisational incident response plans
Full details and recommended actions here: https://www.us-cert.gov/ncas/alerts/aa20-006a
Windows CryptoAPI Spoofing Vulnerability
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. Only Windows 10 versions of the OS are affected. It was identified by the US National Security Agency (NSA).
This means that an attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
Full details and the security update links from Microsoft here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
Any questions? Please contact the team at Ascentor.
T: 01452 881712