iTnews

Adobe revokes code after server breach

By SC Staff on Oct 8, 2012 12:19PM
Adobe revokes code after server breach

Invalidates code signed after 10 July.

Adobe has revoked the code signing certificate for all code signed after 10 July this year following an attack it announced last week.

The software firm revealed that hackers had broken into an internal server to compromise a digital certificate that allowed them to create at least two malware-laden files that appeared to be legitimately signed by Adobe.

At the time, product security and privacy director Brad Arkin said Windows software signed with the impacted certificate plus three Windows and Macintosh Adobe AIR applications were affected.

Adobe has since begun issuing updates signed using a new digital certificate for all affected products.

Microsoft malware protection centre lead security researcher Tanmay Ganacharya said it has been tracking the issue closely.

Telemetry showed the issue was not prevalent and was being used only in only highly targeted attacks.

Adobe has revoked all software code signed after 10th July 2012 and has decommissioned the existing Adobe code-signing infrastructure.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
adobe certificates data breach security

Partner Content

Beat the DDoS blackmails in 2021
Partner Content Beat the DDoS blackmails in 2021
Why companies fail at picking cloud modernisation partners
Partner Content Why companies fail at picking cloud modernisation partners
Shut the door on ransomware
Partner Content Shut the door on ransomware
MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
  • Beat the DDoS blackmailers in 2021
By SC Staff
Oct 8 2012
12:19PM
0 Comments

Related Articles

  • ADHA sees 'inconsequential' My Health Record data breach notices eroding trust
  • BTC Markets exposes customer names, emails in botched blast send
  • Orchard worker recruiter exposed sensitive personal data
  • City of Port Phillip leaks personal details in data.gov.au blunder
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network

Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer

NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.