Cem πa
randomoracle.bsky.social
In search of the counterexample
Now that the cat is out of the bag:
Write-up on how ConnectWise misused Microsoft Authenticode signatures, creating the ideal platform for threat actors to modify ScreenConnect installers into initial payloads (previously disclosed to vendor & DigiCert)

blog.randomoracle.io/2025/06/26/s...
ScreenConnect: “unauthenticated attributes” are not authenticated
(Lessons from the ScreenConnect certificate-revocation episode) An earlier blog post recounted the discovery of threat actors leveraging the ScreenConnect remote assistance application in the wild,…
blog.randomoracle.io
June 26, 2025 at 4:04 PM
Recent work from the River security team and UnmitigateRisk: how the discovery of a bogus "River desktop app" in the wild led to DigiCert revoking ConnectWise's code-signing certificate and invalidating all existing ScreenConnect binaries for Windows

blog.randomoracle.io/2025/06/16/t...
The story behind ScreenConnect certificate revocation
An unusual phishing site In late May, the River security team received a notification about a new fraudulent website impersonating our service. Phishing is a routine occurrence that every industry …
blog.randomoracle.io
June 17, 2025 at 3:45 PM
Periodic reminder:
Every security incident is an opportunity for vendors to shill for their particular product, whether or not it could have made any difference (and for clueless journalists to repackage that as free marketing)

Two examples from the #Bybit fiasco
🧵
February 23, 2025 at 4:32 AM
Reposted by Cem πa
In 2023, per a first-ever report from the intel community, US gov disclosed 39 zero day vulns to vendors/public to be patched rather than retain them for use in hacking ops by NSA/CIA/FBI. Ten of these, however, were zero days the gov withheld for an unknown number of yrs to exploit before disclosing them
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
The number of zero-day vulnerabilities the government disclosed to vendors to be fixed, rather than keep them secret to exploit, comes out to about three a month. But the figure could rise dramaticall...
www.zetter-zeroday.com
February 6, 2025 at 2:23 PM