Security researcher Mikko Hypponen reports finding a piece of malicious software that was cryptographically signed by a forged Adobe certificate originating with Government of Malaysia: Malaysian Agricultural Research and Development Institute, whose signing certificate was "stolen quite some time ago."
There are several hundred parties that are trusted by OSes, browsers and software to issue certificates, from Verisign to many national governments. A computer receiving a software update signed by a forged certificate will not be able to tell that there's anything funny about the update, but installing such an update could result in a thoroughly compromised computer.
I've been hearing persistent reports of this from security researcher friends, including reports of signed malware that can take over mobile phones and computers, compromising them so that their cameras and mics can be operated covertly, their keystrokes logged, their files plundered, etc. And the worst thing is, if you don't install updates, you can end up with security vulnerabilities that leave your computer liable to takeover by malware that does just the same thing.
Malware Signed With a Governmental Signing Key
The increasingly popular social media application TikTok has a concerning relationship with the Chinese state. That link became ever the more concerning today, when reports began circulating of a brand new partnership between the company that owns TikTok, ByteDance, and the government of China.
Nulledcast is a realtime podcast streamed on a Discord channel for the hacking forum Nulled: the hosts break into Ring and Nest cameras in realtime, blare sirens at the owners, then torment them with insults and racist slurs, livestreaming their responses to hundreds of listeners.
A family in DeSoto County, Mississippi, bought a Ring security camera so they could keep an eye on their three young girls in their bedroom. Four days later, they learned that a hacker had broken into the camera and subjected their children to continuous bedroom surveillance, taunting the children through the camera's built-in speaker.
This holiday season, give the delivery man a break. Who needs the extra cost and uncertainty of shipping anyway? Here are 10-holiday gifts that cut out the middleman and go straight to the nicest ones on your Christmas list. Winc Wine Delivery Okay, we might be cheating a little with this first one, but a […]
For some folks, writing notes by hand is just plain easier, but having to re-type them later can be a huge bore, not to mention time-sink. The guys from Rocketbook successfully merged the best parts of analog and digital note-taking with their Everlast notebook awhile back. And now, that tech just got a lot more […]
There are fast-paced card games, and some of them even require enough dexterity for a mini-workout (like Skip-Bo or Snap). But there’s nothing quite like the Mokuru® Card Game, which uses an already addictive fidget toy as the centerpiece for a cutthroat game of tabletop challenges. The game is named for the toy that gets […]