GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...

Whether you create your own code-signing certificate, or use a certificate from a certificate authority, it’s easy to give your Windows binaries the seal of approval. If you compile programs on ...

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...

Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware ...

The recent news that hackers had breached remote access solution company AnyDesk shined a harsh light on the need for companies to take a long, hard look at code-signing practices to help ensure a ...

How do we ensure that the code we’re installing is, at the very least, the code that a vendor shipped? The generally accepted solution is code signing, adding a digital signature to binaries that can ...

Cybercriminals paid between $5,000 and $9,000 to make their malware harder to detect on Windows, highlighting its effectiveness and a shift in how the cybercrime market operates. Microsoft has ...

ConnectWise this Friday will rotate all code-signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise RMM. While the software company recently disclosed a nation-state attack, it ...

Multicloud security firm Fortanix Inc. today announced a new partnership with digital certificates and certificate lifecycle management firm Sectigo Ltd. that will allow enterprises to secure their ...

Here is a guide showing you how to create a Certificate Signing Request in Windows Server. A Certificate Signing Request (CSR) is an encrypted message sent from an applicant for a Secure Sockets Layer ...

It remains unclear how the threat actor compromised access token used in the breach. Kind of rare to read about a security breach that requires no action. So kudos to Github for good practices. That ...