Tag

Code Signing

All articles tagged with #code signing

OpenAI warns macOS users of fake OpenAI apps after Axios supply-chain breach
technology · 2 hours ago

OpenAI says a malicious Axios library update on March 31, delivered after a developer account was hijacked, infected its Mac app signing workflow and could let attackers ship fake OpenAI apps with valid certificates. The company says there is no evidence that user data or internal systems were compromised. To mitigate the risk, OpenAI will discontinue older macOS app versions on May 8, with a 30-day window for users to update before certificates are revoked.

Global Supply Chain Cyberattack Exploits Decade-Old Windows Bug with North Korean Links
cybersecurity · 3 years ago

A 10-year-old Windows vulnerability, CVE-2013-3900, is still being exploited in supply chain attacks to make executables appear legitimately signed, and Microsoft's fix is still "opt-in" after all these years. The vulnerability allows content to be added to the Authenticode signature section of a signed EXE without invalidating the signature. The fix can only be enabled by manually editing the Windows Registry, and it is removed after upgrading to Windows 11, making the device vulnerable again. The flaw has been used in recent attacks, and it should be fixed, even if that inconveniences developers.