Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
SecurityWeek

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates that hackers obtained through its internal support portal as part of a social engineering ...

Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates

Microsoft fixed a Defender false positive that flagged legitimate DigiCert certificates as malware, disrupting Windows trust ...

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in ...
Dark Reading

ConnectWise to Rotate Code-Signing Certificates

ConnectWise this Friday will rotate all code-signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise RMM. While the software company recently disclosed a nation-state attack, it ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
Krebs on Security

Tag Archives: code-signing certificates

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

It remains unclear how the threat actor compromised access token used in the breach. Kind of rare to read about a security breach that requires no action. So kudos to Github for good practices. That ...