Security News

As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling. To start, the team earlier this month said miscreants had spammed out emails impersonating government agencies containing links to fake Windows antivirus updates.

A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve. The vulnerability stems from a bug in the BN mod sqrt() function, which the OpenSSL team said is used to parse certificates that "Contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form." As it turns out, all you need to do to trigger an infinite loop in BN mod sqrt() is hand an OpenSSL-based application or service a certificate with invalid explicit curve parameters.

Russia is offering its own trusted Transport Layer Security certificate authority to replace certificates that need to be renewed by foreign countries. According to a notice on Russia's public service portal, Gosuslugi, as shown in a translated version in this article's featured art, the certificates will replace foreign security certs if they expire or get yanked by foreign CAs.

Moscow has set up its own certificate authority to issue TLS certs to Russians affected by sanctions or otherwise punished for president Putin's invasion of Ukraine. A notice on the government's unified public service portal states that the certificates will be made available to Russian websites unable to renew or obtain security certificates as a knock-on effect of Western sanctions and organizations refusing to support Russian customers.

Ukraine's Computer Emergency Response Team warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. "In this way, they gain access to the email inboxes of Ukrainian citizens."

Two of Nvidia's code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered - certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines. Security researchers noted last week that binaries that hadn't been developed by Nvidia, but which had been signed with its stolen certificate to come off like legitimate Nvidia programs, had appeared in the malware sample database VirusTotal.

Ransomware remains a prime threat, putting millions of organizations at risk. An analysis of the rise in major threats is made available in the Agency's 2021 Annual Threat Landscape report.

Microsoft says Samsung devices enrolled in Microsoft Intune using a work profile will experience email and VPN connectivity issues due to missing certificates after upgrading to Android 12. Microsoft Intune is a cloud-based service designed to help admins manage Windows, macOS, iOS/iPadOS, and Android apps and devices in enterprise environments.

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. Roughly a month ago, Google Threat Analysis Group security researcher Neel Mehta discovered that the developers of an unwanted software known as OpenSUpdater started signing their samples with legitimate but intentionally malformed certificates, accepted by Windows but rejected by OpenSSL. By breaking certificate parsing for OpenSSL, the malicious samples would not be detected by some security solutions that use OpenSSL-powered detection rules and allowed to perform their malicious tasks on victims' PCs. "Since mid-August, OpenSUpdater samples have carried an invalid signature, and further investigation showed this was a deliberate attempt to evade detection," Mehta said.

Indonesian authorities have admitted that the COVID-19 vaccination certificate of the nation's President has circulated online and tried to explain that it's an indication of admirable transparency, rather than lamentable security. In one camp are those who argue that the document's unplanned public debut is more evidence that Indonesia's government is bad at securing information.