Beware of Expired or Compromised Code Signing Certificates

One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security.
Code signing certificates, used for digitally signing applications and software, are an integral part of the secure software development process.
Software appended with a digital signature from a code signing certificate indicates that the code has not been altered or tampered with since it was signed.
While code signing is an essential and effective security practice, its effectiveness hinges on proper management of code signing certificates and keys.
Typically, the responsibility of storing and managing code signing certificates falls upon DevOps teams.
As developers are hyper-focused on the rapid and agile pace of software development and delivery, securely managing code signing keys and certificates is often an afterthought.
As a result, private keys and code signing certificates often end up stored insecurely on local machines and build servers.
Mismanaged code signing certificates and keys can lead to certificate expiry and compromises that can often go undetected for a long time, posing significant risks to the security and integrity of software.
Here are some common risks associated with expired and compromised code signing certificates.
Risks of Expired Code Signing Certificates Inability to Sign Code: Once a code signing certificate expires, it can no longer be used to sign code.
User Trust Issues: End-users and systems rely on code signing certificates to verify the authenticity and integrity of software.
If a code signing certificate used to signcode expires and timestamping is not applied , the digital signature will expire and the software will then raise warnings.
Risks of Compromised Code Signing Certificates Malware Distribution: If a code signing certificate is compromised, attackers can use it to sign malicious code, making the software or updates appear legitimate.
Impersonation Attacks: When a code signing certificate is compromised, the digital identity of the legitimate software publisher is essentially compromised.
Legal and Reputational Impact: A compromised code signing certificate can have severe legal and reputational consequences for the affected software development organization if the signed code causes harm or damage to users or systems.
The dangers associated with using expired or compromised code signing certificates are too significant to be overlooked, especially in light of the increasing rate of software supply chain threats and code signing becoming a soft target.
Given how vital code signing certificates are to ensuring the integrity and security of software, it is imperative to implement secure code signing processes to safeguard the software supply chain and uphold user trust.
Read this blog to learn about Seven Code Signing Best Practices You Need to Know to practice secure code signing without undermining the speed and agility of modern-day DevOps.
AppViewX SIGN+ is a fast, reliable, and secure code signing solution built to protect the integrity of code, containers, firmware, and software.
With a centralized and integrated approach, AppViewX SIGN+ is designed to simplify code signing for DevOps, enhance software supply chain security, and extend trust to end users.


This Cyber News was published on securityboulevard.com. Publication date: Tue, 05 Dec 2023 05:43:05 +0000


Cyber News related to Beware of Expired or Compromised Code Signing Certificates

Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
1 year ago Securityboulevard.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
1 year ago Nakedsecurity.sophos.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
1 year ago Packetstormsecurity.com
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
11 months ago Feeds.dzone.com
GitHub Revokes Compromised Code Signing Certificates After Repo Hack - GitHub has recently revealed that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. The company has found no ...
1 year ago Bleepingcomputer.com
Hackers Stole GitHub Desktop and Atom Code-Signing Certificates - Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. The company is taking the precautionary action of canceling ...
1 year ago Heimdalsecurity.com
The role of certificate lifecycle automation in enterprise environments - Learn about PKI automation and its role in managing the growing complexity of digital identities and certificates. Digital certificates form a strong foundation for our modern digital landscape and at the root of these certificates: PKI. Public key ...
8 months ago Securityboulevard.com
GitHub Security Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom - GitHub revealed on Monday that unknown hackers managed to steal encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom apps. As a precaution, the company is revoking the exposed certificates. Versions 1.63.0 ...
1 year ago Thehackernews.com
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
11 months ago Feeds.dzone.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
1 year ago Darkreading.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
1 year ago Hackread.com
Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication - Data protection remains integral in our wide digital world. This has been possible because of the increasing awareness amidst enterprises, small and large, across industries on the paramount need for the protection of sensitive data, securing digital ...
11 months ago Feeds.dzone.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
1 year ago Darkreading.com
Malware abuses Google OAuth endpoint to 'revive' cookies, hijack accounts - Session cookies are a special type of browser cookie that contains authentication information, allowing a person to automatically log in to websites and services without entering their credentials. These types of cookies are meant to have a limited ...
11 months ago Bleepingcomputer.com
Why is my SSL expiring every 3 months? - Digital certificates, used with the protocol 'TLS' establish secure connections between your web server and the browsers visitors use to view your site. If a user gets a message saying their site's certificate has expired, they may feel it's not ...
11 months ago Securityboulevard.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
8 months ago Securityboulevard.com
AnyDesk says hackers breached its production servers, reset passwords - AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk ...
10 months ago Bleepingcomputer.com
AnyDesk says hackers breached its production servers, resets passwords - AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk ...
10 months ago Bleepingcomputer.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
CVE-2017-10850 - Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? ...
3 years ago
Why Tokens Are Like Gold for Opportunistic Threat Actors - COMMENTARY. Authentication tokens aren't actual physical tokens, of course. Authentication tokens are an important part of cybersecurity. Which means that anyone with a token has a gold key to corporate systems - without requiring a multifactor ...
7 months ago Darkreading.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
11 months ago Securityboulevard.com
CVE-2024-35196 - Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack ...
6 months ago
Lumma malware can allegedly restore expired Google auth cookies - The Lumma information-stealer malware is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts. Session cookies are specific web cookies used to allow a browsing ...
1 year ago Bleepingcomputer.com
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
5 months ago Aws.amazon.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)