Proof-of-concept code for exploiting Windows crypto-spoofing bug published

clock • 2 min read

Windows CryptoAPI flaw could enable attackers to launch man-in-the-middle attacks and to spoof signatures for emails and files

Security researchers have released two proof-of-concepts (PoC) for exploiting the Microsoft-NSA crypto-spoofing vulnerability (CVE-2020-0601) that was only patched and publicised on Tuesday. The...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Ivanti patches bugs in Connect Secure and Policy Secure gateways

Threats and Risks

Ivanti patches bugs in Connect Secure and Policy Secure gateways

Comes on the heels of federal-level security concerns

clock 05 April 2024 • 3 min read
Cyber agency took systems offline after hack, report

Hacking

Cyber agency took systems offline after hack, report

CISA cautioned last month about threat actors exploiting multiple Ivanti vulnerabilities

clock 11 March 2024 • 3 min read
Two command injection bugs threaten Fortinet's FortiSIEM

Threats and Risks

Two command injection bugs threaten Fortinet's FortiSIEM

Affect versions from October 2022 to 2024

clock 07 February 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

Interview: Sharp UK, Security Excellence Awards finalist
Security

Interview: Sharp UK, Security Excellence Awards finalist

'We make technology easy by listening, taking the time to understand our clients, and creating seamless solutions that work'

Computing Staff
clock 12 April 2024 • 4 min read
Interview: LRQA Nettitude, Security Excellence Awards finalist
Security

Interview: LRQA Nettitude, Security Excellence Awards finalist

'We are the only cybersecurity team in the world with a full suite of CREST accreditations'

Computing Staff
clock 11 April 2024 • 4 min read
Interview: Nationwide Building Society, Security Excellence Awards finalist
Security

Interview: Nationwide Building Society, Security Excellence Awards finalist

'Working hard on cyber and wider operational resilience means that whatever happens we can be increasingly confident of being there for our customers when they need us'

Computing Staff
clock 10 April 2024 • 3 min read