The security firm Bit9 disclosed Friday that it has been the victim of a hack and that attackers have used the firm’s own software to spread malware even further.
The hack was first reported by Krebs on Security’s Brian Krebs, who noted that Bit9’s own encryption keys were on several pieces of malware — essentially making the security firm, which certifies safe software, a vector for the distribution of the bad software.
MetroPCS has dropped its lawsuit against the FCC's network neutrality rules, leaving Verizon as the only firm challenging their legality. But even some supporters of network neutrality think Verizon has a point.
Hackers who breached Google database appeared to seek identities of Chinese spies in U.S. who might be under watch.
Tumblr’s $1.1 billion worth is rooted in the value of its community — which means Yahoo can’t lose it.
Confirming the attack, the company said that the problem was not due to a flaw in its software, but because it hadn’t fully locked down its own computer systems.
“Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network,” the company’s chief executive officer, Patrick Morley, said in a blog post Friday. “As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.”
The company said it has resolved the issue and that only three of its customers were affected by malware that had been given the company’s stamp of approval.
In his report, Krebs said it seems clear that this attack was targeted specifically at getting data from Bit9 customers. Bit9 doesn’t explicitly disclose its customers, but it says on its site that “5 of the top 10” aerospace and defense companies use its product, as do more than 20 federal, civilian, defense and intelligence agencies.
Morley said in the post that the company is confident that it has addressed the issue and that it customers are now safe.
“We are confident that the steps we have taken will address this incident while preventing a similar issue from occurring again,” he wrote.
Related stories:
Bush, celebrity hacks raise profile of privacy concerns
FCC botched cyber-security planning after breach, report says
Cybersecurity firm identifies ‘credible threat’ to 30 U.S. banks
Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.
The Post Most: BusinessMost-viewed stories, videos and galleries int he past two hours
World Markets from
Other Market Data from
Key Rates from
Loading...
Comments