Hackaday

Falsified Photos: Fooling Adobe’s Cryptographically-Signed Metadata

Last week, we wrote about the Leica M11-P, the world’s first camera with Adobe’s Content Authenticity Initiative (CAI) credentials baked into every shot. Essentially, each file is signed with Leica’s ...
InfoWorld

Researcher hides stealthy malware inside legitimate digitally signed files

A new technique allows attackers to hide malicious code inside digitally signed files without breaking their signatures and then to load that code directly into the memory of another process. The ...
Bleeping Computer

Microsoft and VirusTotal Team Up to Detect Malicious Signed MSI Files

Microsoft and Chronicle's VirusTotal have teamed up to better detect signed MSI files that have been modified to include malicious Java archives. When a developer creates a piece of software they ...
Bleeping Computer

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to ...
CSOonline

Windows code-signing attacks explained (and how to defend against them)

Code signing is a mechanism by which software manufacturers assure their consumers that they are running legitimate software, signed by its manufacturer via cryptography. This ensures that the ...
TechRepublic

How to sign a file on Linux with GPG

Jack Wallen shows you how to use the open source gpg to sign documents for a cost-effective way to ensure your clients the files you send them are, in fact, from you. There may be plenty of times and ...