{"id":601763,"date":"2023-01-27T06:56:02","date_gmt":"2023-01-27T12:56:02","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/27\/your-apps-and-windows-devices-could-be-facing-a-whole-new-kind-of-threat\/"},"modified":"2023-01-27T06:56:02","modified_gmt":"2023-01-27T12:56:02","slug":"your-apps-and-windows-devices-could-be-facing-a-whole-new-kind-of-threat","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/27\/your-apps-and-windows-devices-could-be-facing-a-whole-new-kind-of-threat\/","title":{"rendered":"Your apps and Windows devices could be facing a whole new kind of threat"},"content":{"rendered":"<article aria-label=\"article\" data-id=\"sNJ4tx2vYEayAcp9jXE8ad\">\n<header>\n<nav aria-label=\"Breadcrumbs\">\n<ol>\n<li>\n<a href=\"https:\/\/www.techradar.com\" aria-label=\"Return to Home\">Home<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/news\" aria-label=\"Return to News\">News<\/a>\n<\/li>\n<li>\n<a href=\"https:\/\/www.techradar.com\/computing\" aria-label=\"Return to Computing\">Computing<\/a>\n<\/li>\n<\/ol>\n<\/nav>\n<\/header>\n<section>\n<div itemprop=\"image\" itemscope itemtype=\"https:\/\/schema.org\/ImageObject\">\n<div>\n<picture><source type=\"image\/webp\" alt=\"Illustration of a laptop with a magnifying glass exposing a beetle on-screen\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\"><source type=\"image\/jpeg\" alt=\"Illustration of a laptop with a magnifying glass exposing a beetle on-screen\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\"><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV-320-80.jpg\" alt=\"Illustration of a laptop with a magnifying glass exposing a beetle on-screen\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\"><\/picture>\n<\/div>\n<p><meta itemprop=\"url\" content=\"https:\/\/cdn.mos.cms.futurecdn.net\/kRtHbjAFn8eddN3sLMFXLV.jpg\"><br \/>\n<meta itemprop=\"height\" content=\"600\"><br \/>\n<meta itemprop=\"width\" content=\"338\"><figcaption itemprop=\"caption description\">\n<span itemprop=\"copyrightHolder\">(Image credit: Shutterstock \/ Kanoktuch)<\/span><br \/>\n<\/figcaption><\/div>\n<div id=\"article-body\">\n<p>A critical flaw in Windows-powered datacenters and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of different <a href=\"https:\/\/www.techradar.com\/best\/best-malware-removal\">malware<\/a>, or even <a href=\"https:\/\/www.techradar.com\/best\/best-ransomware-protection\">ransomware<\/a>, attacks.<\/p>\n<p>Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw, and determined the high percentage of yet unfixed devices.<\/p>\n<p>The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate, or sign code, as the targeted certificate. In other words, threat actors can use the flaw to pretend to be another app or OS and have those apps run without raising any alarms.\u00a0<\/p>\n<h2 id=\"ignoring-the-patch\">Ignoring the patch<\/h2>\n<p>&#8220;We found that fewer than one percent of visible devices in data centers are patched, rendering the rest unprotected from exploitation of this vulnerability,&#8221; Akamai researchers said.\u00a0<\/p>\n<p>Speaking to The Register, the researchers confirmed that 99% of endpoints were unpatched, but that doesn\u2019t necessarily have to mean they\u2019re vulnerable &#8211; there still needs to be a vulnerable app for the attackers to exploit.\u00a0<\/p>\n<p>The flaw was given a 7.5 severity score, and labeled as \u201ccritical\u201d. Microsoft released a patch in October 2022, but few users have applied it yet.\u00a0<\/p>\n<p>&#8220;So far, we found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited,&#8221; the researchers said. &#8220;We believe there are more vulnerable targets in the wild and our research is still ongoing.&#8221;<\/p>\n<p>When Microsoft originally patched the flaw, it said that there was no evidence of the vulnerability being exploited in the wild. However, now with the PoC publicly available, it\u2019s safe to assume that different threat actors will start hunting for vulnerable <a href=\"https:\/\/www.techradar.com\/news\/best-endpoint-security-software\" target=\"_blank\" rel=\"noopener\">endpoints<\/a><span> (opens in new tab)<\/span>. After all, the methodology has been given to them on a silver platter, all they need to do is find a victim.\u00a0<\/p>\n<ul>\n<li>Check out the <a href=\"https:\/\/www.techradar.com\/best\/firewall\" target=\"_blank\" rel=\"noopener\">best firewalls<\/a><span> (opens in new tab)<\/span> around<\/li>\n<\/ul>\n<p>Via: <a href=\"https:\/\/www.theregister.com\/2023\/01\/26\/windows_cryptoapi_bug_akamai\/\" target=\"_blank\" data-url=\"https:\/\/www.theregister.com\/2023\/01\/26\/windows_cryptoapi_bug_akamai\/\" rel=\"noopener\">The Register<\/a><span> (opens in new tab)<\/span><\/p>\n<\/div>\n<div data-hydrate=\"true\" data-reactroot id=\"slice-container-newsletterForm-articleInbodyContent\">\n<section>\n<p>Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!<\/p>\n<\/section>\n<\/div>\n<div data-reactroot id=\"slice-container-authorBio\">\n<p>Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he\u2019s written for numerous media outlets, including Al Jazeera Balkans. He\u2019s also held several modules on content writing for Represent Communications.<\/p>\n<\/div>\n<\/section>\n<p><a href=\"https:\/\/www.techradar.com\/news\/your-apps-and-windows-devices-could-be-facing-a-whole-new-kind-of-threat\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Clora Redner<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home News Computing (Image credit: Shutterstock \/ Kanoktuch) A critical flaw in Windows-powered datacenters and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of different malware, or even ransomware, attacks.Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw, and determined the high percentage<\/p>\n","protected":false},"author":1,"featured_media":601764,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2540,46,23032],"tags":[],"class_list":{"0":"post-601763","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-devices","8":"category-technology","9":"category-windows"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/601763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=601763"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/601763\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/601764"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=601763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=601763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=601763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}