Krebs on Security

Signed Malware = Expensive “Oops” for HP

Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and ...
Dark Reading

Linux Foundation Debuts Sigstore Project for Software Signing

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...
TechRepublic

Mac users: Your antivirus software could be letting malware slip by undetected

Mac users: Your antivirus software could be letting malware slip by undetected Your email has been sent A flaw in how many third-party macOS security platforms verify Apple signed software could allow ...
ZDNet

Vista standard users need way to install software

Microsoft Windows Vista will be the first Windows operating system to only assign standard user privileges by default. While that's wonderful for security, it will likely run in to serious practical ...
InfoWorld

Are hackers using Aurora-style attacks to steal software credentials?

The Stuxnet family of malware sported signed software credentials -- which could have been obtained in a sophisticated Aurora-type attack Recent Stuxnet malware found by Belorussian antivirus company ...