BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
BTC $58270.6324
ETH $3301.4664
BNB $400.6794
SOL $110.0515
XRP $0.5824
ADA $0.6271
AVAX $39.6830
DOGE $0.0970
TRX $0.1429
wstETH $3808.1443
DOT $8.3586
LINK $19.1334
WETH $3305.4834
MATIC $1.0428
UNI $11.0186
WBTC $57881.0446
IMX $3.3465
ICP $13.0316
BCH $301.2119
LTC $74.8427
CAKE $3.2026
ETC $28.3635
FIL $7.9610
LEO $4.4139
RNDR $7.4060
KAS $0.1700
HBAR $0.1136
DAI $1.0002
ATOM $11.3163
INJ $41.0291
VET $0.0502
TON $2.1419
OKB $51.8401
STX $3.2222
LDO $3.5190
FDUSD $0.9951
XMR $138.3902
XLM $0.1221
ARB $1.8935
NEAR $3.9358
TIA $16.9317
GRT $0.2829
WEMIX $2.2582
ENS $22.5313
MKR $2167.8555
APEX $2.4646
THETA $1.9298
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Hackers forge certificates to hack networks

    Emsisoft has warned its customers that cybercriminals are using fake code-signing certificates, posing as Emsisoft, to target the company's customers in hopes of circumventing their protection.

    Code signing certificates are digital signatures used to sign an application so that users, software, and operating systems can verify that the software has not been modified since it was signed by the publisher. Attackers try to take advantage of this by creating fake certificates that mimic the name of a well-known company.

    In a new security bulletin, Emsisoft warned that one of its customers was targeted by hackers who used an executable signed with a fake Emsisoft certificate. The firm believes that this was done to deceive the victim - so the user will think that any detection is a false positive, and allow the program to work.

    According to Emsisoft, the hacker likely gained initial access to the compromised device by brute-forcing the RDP protocol or using stolen credentials from an employee of the target organization.

    After gaining access to the endpoint, the attackers tried to install MeshCentral, an open source remote access application that is generally trusted by security products because it is used for legitimate purposes. However, the MeshCentral executable was signed with a fake Emsisoft certificate.

    When the Emsisoft security product scanned the file, it marked it as "Unknown" due to an invalid signature and quarantined the file.

    If an employee interpreted this warning as a false positive due to the digital signature name, he could allow the application to run, which would allow the cybercriminal to gain full access to the device. This remote access can then be used to disable protections, spread across the network, steal sensitive data, and deploy ransomware.

    Emsisoft cautions that executable files should only be trusted after confirming that the file is not malicious and that security vendors should be contacted before allowing an invalidly signed executable to run. The company also suggests that system administrators set passwords for installed Emsisoft programs to prevent them from being tampered with or disabled if hacked.

    Author DeepWeb
    How to bypass the bank's voice authentication system using neural networks
    Havoc framework is another open source alternative to Cobalt Strike

    Comments 0

    Add comment