image credit: Pixabay

Windows code-signing attacks explained (and how to defend against them)

September 14, 2020

Code signing is a mechanism by which software manufacturers assure their consumers that they are running legitimate software, signed by its manufacturer via cryptography. This ensures that the software release wasn’t tampered with while making its way from the manufacturer to the end-user and is especially relevant when downloading software from third-party websites rather than the manufacturers themselves.

You need to be sure you’re downloading the official release of a software package as shipped by the manufacturer and not an executable that was, say, injected with malware by an attacker.

Read More on CSO Online