Dark Reading

Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs

Malware authors have for some time been using code-signing certificates for their malicious payloads so they can sneak past enterprise anti-malware tools. But contrary to popular belief, not all of ...
Krebs on Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered ...
Threat Post

D-Link Accidentally Leaks Private Code-Signing Keys

Private keys used to sign D-Link software were included in open-source firmware published by the company. A simple mistake by networking gear manufacturer D-Link could have opened the door for costly ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
Wired

GitHub Moves to Guard Open Source Against Supply Chain Attacks

Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...
InfoWorld

Understanding Microsoft’s Trusted Signing service

How do we ensure that the code we’re installing is, at the very least, the code that a vendor shipped? The generally accepted solution is code signing, adding a digital signature to binaries that can ...