Beware of Expired or Compromised Code Signing Certificates

Beware of Expired or Compromised Code Signing Certificates

Given the alarming rise in software supply chain attacks and consumers growing more cyber-aware and security-conscious, software providers need to demonstrate a stronger commitment to securing their software and applications and fostering ...
‘Crypto Bug of the Year’ Fixed — Update Java NOW

‘Crypto Bug of the Year’ Fixed — Update Java NOW

A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again ...
Security Boulevard
Data Regulation Data Breaches

Cyberespionage Group Steals Certificates to Sign Malware

A cyberespionage group has stolen code-signing certificates from D-Link and another Taiwanese technology company and used them to sign a backdoor program. BlackTech is a group of attackers known for targeting organizations ...
Security Boulevard
Large Percentage of Malware Downloads Are Signed with Valid Certificates

Large Percentage of Malware Downloads Are Signed with Valid Certificates

The misuse of code signing certificates is so widespread that a larger percentage of malware downloaded to computers is digitally signed than that of benign software programs. Antivirus company Trend Micro studied ...
Security Boulevard