Infosecurity-magazine.com

Code Signing: How to Respond to the Hidden Threat

How do you know the code you’re using can be trusted? It’s a very important question – organizations and developers need to know code is genuine and hasn’t been tampered with, or they could risk ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
CSOonline

Nvidia hackers release code-signing certificates that malware can abuse

The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company’s old code-signing certificates. Researchers warn the drivers could be used to ...
Bleeping Computer

Microsoft Trusted Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...
Dark Reading

Impersonation Fraud Still Effective in Obtaining Code Signatures

From IRS tax scams to business email compromises, fraudsters impersonating authority figures are a well-known hazard for online users. However, impersonation is also becoming an increasingly used ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...