this post was submitted on 25 Aug 2023
30 points (91.7% liked)

Technology

70847 readers
3172 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
30
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors (arstechnica.com)
submitted 2 years ago by fry@fry.gs to c/technology@lemmy.world
2 comments fedilink hide all child comments
all 4 comments
sorted by: hot top controversial new old
[–] autotldr@lemmings.world 4 points 2 years ago

This is the best summary I could come up with:

In July, security researchers revealed a sobering discovery: hundreds of pieces of malware used by multiple hacker groups to infect Windows devices had been digitally signed and validated as safe by Microsoft itself.

On Tuesday, a different set of researchers made a similarly solemn announcement: Microsoft’s digital keys had been hijacked to sign yet more malware for use by a previously unknown threat actor in a supply-chain attack that infected roughly 100 carefully selected victims.

The program is used to certify that device drivers—the software that runs deep inside the Windows kernel—come from a known source and that they can be trusted to securely access the deepest and most sensitive recesses of the operating system.

Then, Carderbee used its newfound control to push malicious updates to roughly 2,000 organizations that are Cobra DocGuard customers.

The fact that they appear to only deploy their payload on a handful of the computers they gain access to also points to a certain amount of planning and reconnaissance on behalf of the attackers behind this activity.”

While attackers could already install apps, steal passwords, and take other liberties, running code in the kernel allowed them to do things that would otherwise be impossible.

The original article contains 493 words, the summary contains 199 words. Saved 60%. I'm a bot and I'm open source!

[–] Boozilla@lemmy.world 4 points 2 years ago

This is what happens when you let MBAs and marketers run things to the point that competent cybersec folks and coders leave, or quiet quit, and/or give up on best practices. Microsoft is a clown company.