A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more.
Welcome to Cyber Security Today. It’s Friday, February 17th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
An attacker created and tried to use a fake code-signing certificate from security company Emsisoft to install a tool for hacking into a customer’s computer. If successful the tool would have been detected by the Emsisoft application — but registered as a false positive. Emsisoft said this week the attempt was blocked by its product. However, application developers should use this incident watch for someone trying to compromise their digital certificate infrastructure. IT and security administrators need to limit the number of approved applications that can be downloaded by staff and run in their environments. And they need to ensure that applications flagged for being signed with suspicious digital certificates are quarantined. The tool the attacker tried to leverage with the phony-named certificate was MeshCentral, an open-source remote access application. That can be OK if approved, but in the…
