Hackers Breached Adobe Server in Order to Compromise Certificate to Sign Malware
A few advanced hackers managed to break into an internal server at Adobe and compromise a digital certificate, which allowed them to create at least two files that appear to be legitimately signed by the software maker but actually contain malware. The security breach took place on Thursday, and Adobe confirmed that the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved by the company's code-signing system.
As a result of the breach, which appears to date back to early July, Adobe expects to revoke the compromised certificate that was used to sign the malicious files on Oct. 4. "This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh," wrote Brad Arkin, senior director of product security and privacy for Adobe. "The revocation does not impact any other Adobe software for Macintosh or other platforms."
The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe certificate. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote.
In another blog post, Arkin said that, generally speaking, most Adobe users won't be affected. "Is your Adobe software vulnerable because of this issue?" he wrote.
"No. This issue has no impact on the security of your genuine Adobe
software. Are there other security risks to you? We have strong reason
to believe that this issue does not present a general security risk. The
evidence we have seen has been limited to a single isolated discovery
of two malicious utilities signed using the certificate and indicates
that the certificate was not used to sign widespread malware."
The "build" server that was compromised was not configured according
to Adobe's corporate standards, but that shortfall wasn't caught during
the provisioning process, Arkin said. He added that the affected server
did not provide the adversaries with access to any source code for other
products, such as the popular Flash Player and Adobe Reader and Acrobat
software.
As a reminder, in the last few months we have seen a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Nvidia and Philips. With this breach, Adobe has joined the list of those who have fallen victim to cyber criminals this year. For all the latest cyber security and hacking-related stories, stay tuned with VOGH.
UPDATE: We have since received an update in which Adobe denies the breach. In a later press release, an Adobe spokeswoman said the certificate was not actually stolen:
"Adobe has stringent security measures in place to protect its code
signing infrastructure. The private keys associated with the Adobe code
signing certificates were stored in Hardware Security Modules (HSMs)
kept in physically secure facilities. We confirmed that the private key
associated with the Adobe code signing certificate was not extracted
from the HSM."
-Source (Adobe, SC Magazine, WIRED)