Stolen Nvidia certificates used to sign malware—here’s what to do
As we wrote on March 3, 2022, Nvidia was recently attacked by the LAPSUS$ ransomware group. The ensuing data leak included two of NVIDIA’s code signing certificates. Those certificates are now being used to sign malware. Leaked signing certificates from major vendors like Nvidia come with huge...
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
Two of NVIDIA’s code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered – certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines. The Feb. 23 attack saw 1TB of data bleed fro...
Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 SP2 (KB5009722)
Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 and 4.6.2 for Windows Server 2008 SP2 KB5009722 Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 and 4.6.2 IMPORTANT Verify that you have installed...
New BLISTER Malware Using Code Signing Certificates to Evade Detection
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has...
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...
Limelighter - A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones
A tool which creates spoof code signing certificates and signs binaries and DLL files to help evade EDR products and avoid MSS and SOC scrutiny. LimeLighter can also use valid code signing certificates to sign files. Limelighter can use a fully qualified domain name such as acme.com...
Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows
Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be...
PT-2021-6307 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in the implementation of the Windows Authenticode code signing technology in the Microsoft Windows...
CVE-2021-30773
An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks...
Design/Logic Flaw
An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks...
Macs turn on apps signed by Symantec, treat them as malware
On August 23, following an update to Apple's security systems on macOS, some Mac users began to see security alerts about some of their apps, claiming that they "will damage your computer," and offering users the option to "report malware to Apple." This has led to much confusion online, and to an...
CVE-2021-33592
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function...
Code injection
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function...
CVE-2021-33592
Summary: CVE-2021-33592 affects NAVER Toolbar prior to 4.0.30.323. A crafted upgrade.xml file can enable remote code execution. The root cause is that special characters in the filename parameter can bypass the code-signing check, allowing execution of arbitrary code. Publicly cited sources (Red ...
PT-2021-20218 · Naver · Naver Toolbar
Name of the Vulnerable Software and Affected Versions: NAVER Toolbar versions prior to 4.0.30.323 Description: The issue allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in the filename parameter can bypass the code signing check function...
A New Tool Wants to Save Open Source from Supply Chain Hacks
Sigstore will make code signing free and easy for software developers, providing an important first line of defense...
Call of Duty Cheats Expose Gamers to Malware
Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan (RAT) malware. The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free,...