Infosecurity-magazine.com

Code Signing: How to Respond to the Hidden Threat

How do you know the code you’re using can be trusted? It’s a very important question – organizations and developers need to know code is genuine and hasn’t been tampered with, or they could risk ...
Bleeping Computer

AnyDesk says hackers breached its production servers, reset passwords

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code ...
Geeky Gadgets

1Password now features recovery codes and QR Code sign-in

Recovery codes are unique, secure codes generated by 1Password to help users regain access to their accounts if they forget their password or lose their Secret Key. This feature is particularly ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
Krebs on Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered ...
Wired

GitHub Moves to Guard Open Source Against Supply Chain Attacks

Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks ...
Wired

A New Tool Wants to Save Open Source From Supply Chain Attacks

Russia's historically destructive NotPetya malware attack and its more recent SolarWinds cyberespionage campaign have something in common besides the Kremlin: They're both real-world examples of ...