Old certificate, new signature: open-source tools forge signature timestamps on Windows drivers
July 11, 2023, 6:16 p.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
- Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with a signature timestamp prior to July 29, 2015.
- Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
- We have observed over a dozen code signing certificates with keys and passwords contained in a PFX file hosted on GitHub used in …