Week 44 | 31st Oct– 4th Nov 2022

Key Issue: Two high-severity vulnerabilities found in OpenSSL software
Cybercriminals: Researchers identify a spike in cryptocurrency theft operations
Nation-State: Russian threat actors continue targeting countries that support Ukraine

KEY ISSUE:

This week we reported on two high-severity vulnerabilities in OpenSSL, a software library for applications that secures communications over computer networks including many HTTPS websites. The vulnerabilities are tracked as CVE-2022-3786 and CVE-2022-3602. CVE-2022-3786, is susceptible to buffer overflow operations that could enable threat actors to create a malicious email address in signed digital certificates used to encrypt communications between end-users and HTTPS-secured websites. This can be exploited in Transport Layer Security (TLS) servers when requests for client authentication are fulfilled by threat actor-controlled clients. CVE-2022-3602 is similarly exploitable in TLS servers via buffer overflow operations and could result in denial of service or remote code execution. While there has been no evidence of current exploitation in the wild, OpenSSL users are advised to upgrade to the latest version, 3.0.7 as soon as possible.

We access that threat actors will likely seek to target vulnerable OpenSSL versions, particularly when remote code execution can be achieved via exploitation of CVE-2022-3602. This would follow the increasing trend of threat actors seeking to routinely target vulnerabilities to provide initial access to their targets.