code signing | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which discovered the malware towards the end of 2023. The installer "deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers' network traffic," ESET researcher Romain Dumont said in a technical analysis published today. "The malware can modify or replace the contents of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions." Besides leveraging its browser traffic interception and filtering capabilities to display game-relat

Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products," Google Threat Analysis Group's Neel Mehta  said  in a write-up published on Thursday. The new mechanism was observed to be exploited by a notorious family of unwanted software known as  OpenSUpdater  that's used to download and install other suspicious programs on compromised systems. Most targets of the campaign are users located in the U.S. who are prone to downloading cracked versions of games and other grey-area software. The findings come from a set of OpenSUpdater  samples   uploaded  to VirusTotal at least since mid-August. While adversaries in the past have relied on illega

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

A years-old vulnerability has been discovered in the way several security products for Mac implement Apple's code-signing API that could make it easier for malicious programs to bypass the security check, potentially leaving millions of Apple users vulnerable to hackers. Josh Pitts, a researcher from security firm Okta, discovered that several third-party security products for Mac—including Little Snitch, F-Secure xFence, VirusTotal, Google Santa, and Facebook OSQuery—could be tricked into believing that an unsigned malicious code is signed by Apple. Code-signing mechanism is a vital weapon in the fight against malware, which helps users identify who has signed the app and also provides reasonable proof that it has not been altered. However, Pitts found that the mechanism used by most products to check digital signatures is trivial to bypass, allowing malicious files bundle with a legitimate Apple-signed code to effectively make the malware look like it has been signed by