714 matches found
CVE-2024-25140
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with an Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...
PT-2024-20774 · Rustdesk · Rustdesk
Name of the Vulnerable Software and Affected Versions: RustDesk version 1.2.3 Description: A default installation of RustDesk on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing, valid from 2023 until 2033. This is...
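A check for the condition described in the two RustDesk entries above, added here as an example (it is not from the CVE, the PT advisory or the RustDesk project): enumerate the machine-wide Trusted Root store and report any root that is the WDKTestCert test certificate or that carries the Code Signing EKU, since a root with that EKU trusted machine-wide will validate any Authenticode signature chained to it. The `WDKTestCert` subject match is the only RustDesk-specific assumption; everything else is generic Windows certificate-store inspection.

```powershell
# Added example (not from the advisory): audit Cert:\LocalMachine\Root for test
# or code-signing-capable roots. Requires Windows PowerShell or PowerShell 7 on Windows.
$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning, as named in the CVE text

function Get-SuspiciousRootCerts {
    Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object {
        $cert = $_
        # Collect EKU OIDs; a genuine root CA usually carries no EKU extension at all.
        $ekus = @(
            $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
        )
        $isTestCert        = $cert.Subject -match 'WDKTestCert'   # assumption: subject name used by the WDK test cert
        $hasCodeSigningEku = $ekus -contains $codeSigningOid
        if ($isTestCert -or $hasCodeSigningEku) {
            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                EKU        = ($ekus -join ',')
                Reason     = if ($isTestCert) { 'test certificate in Root' } else { 'Code Signing EKU on a root' }
            }
        }
    }
}

Get-SuspiciousRootCerts | Format-Table -AutoSize

# Removal, dry run first; drop -WhatIf once the hit has been confirmed as unwanted.
# Removing a root the vendor's own binaries chain to may break that product's signature checks.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match 'WDKTestCert' } |
    Remove-Item -WhatIf
```

Run it elevated; the Root store under LocalMachine is readable by any user but only an administrator can remove entries. The EKU branch will also surface any other vendor that has shipped a code-signing-capable root, which is the general form of the problem the CVE describes.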
AnyDesk < 8.0.8 Invalidated Signing Certificate
A security update has been issued by the vendor advising that its code signing certificate has changed on product versions earlier than 8.0.8. The vendor recommends updating to the latest version, as the previous certificate will soon be invalidated...
Microsoft addresses App Installer abuse
28 October 2024 Update Microsoft disabled the ms-appinstaller URI scheme handler by default in App Installer on 28 December 2023 as a security response to protect customers from attackers’ evolving techniques against previous safeguards for CVE-2021-43890. Microsoft is pleased to announce that we...
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023...
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IdP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 20...
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method...
Security Updates for Microsoft .NET Framework (August 2023)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to...
CVE-2023-36862
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location...
CVE-2023-36862
CVE-2023-36862 describes a downgrade issue in Intel-based macOS where an app could determine a user’s current location. In the connected CNVD entry, the vulnerability is framed as an Apple macOS Ventura information-disclosure flaw that could reveal location, aligning with the NVD description. The...
PT-2023-4078 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.5 Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue may allow an app to determine a user’s current location. The vulnerability is...
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...
Microsoft Windows Authenticode Security Vulnerability
Microsoft Windows Authenticode is a code-signing technology from Microsoft Corporation (USA) that identifies the publisher of Authenticode-signed software. A security vulnerability exists in Microsoft Windows Authenticode. An attacker can exploit this vulnerability to perform spoofing attacks...
Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to...
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...
Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK
apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget...