Sunday, September 30, 2012

Adobe code signing infrastructure hacked by 'sophisticated threat actors'

Adobe has warned that an internal server with access to its digital certificate code signing infrastructure was hacked by "sophisticated threat actors" engaged in "highly targeted attacks."

Image source: Article
The compromise, which dates back to early July, led to the creation of at least two malicious files that were digitally signed using a valid Adobe certificate, according to Adobe security chief Brad Arkin.

Although only two files were signed, the hack effectively gave the attackers the ability to create malware masquerading as legitimate Adobe software and signals a raising of the stakes in the world of Advanced Persistent Threats (APTs). Guardtime keyless signatures were not in use, thereby allowing the tampering to go undetected.

Are your adobe products at risk? Read the article to learn more.

No comments: