
Nvidia certificates are being used on malware

Nvidia's leaked data includes code-signing certificates, which might cause trouble for others besides the company itself.


Rusen Gobel
March 8, 2022

The Lapsus$ data-extraction group is stealing large companies' secrets one by one. At the end of February, the gang managed to steal corporate data from Nvidia and leaked it. The next victim was South Korean tech giant Samsung, whose corporate data was leaked as well. Now those leaks are creating security threats for ordinary people.

Malware signed by Nvidia

Among the corporate secrets in the leak, such as firmware, LHR limiting software, and more, there were also two Nvidia code-signing certificates that are used for drivers and executables. Such digital certificates are used to verify that code comes from Nvidia and has not been changed by third parties (e.g. by injecting malicious code into drivers).

According to security researchers, those certificates are already being used to sign malware and some hacking tools in the wild. Those include Cobalt Strike beacons, Mimikatz, remote access trojans, and backdoors. The stolen certificates have the following serial numbers:

  • 43BB437D609866286DD839E1D00309F5
  • 14781bc862e8dc503a559346f5dcc518
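
A defender can use these two serial numbers to hunt for signed files on a Windows host. The PowerShell below is an added example, not code from the article or from the researchers it quotes; the function name `Find-LeakedNvidiaSignedFile` and the scanned directory are assumptions.

```powershell
# Added example: list files whose Authenticode signer certificate carries one of
# the two serial numbers given in the article.
$LeakedSerials = @(
    '43BB437D609866286DD839E1D00309F5',
    '14781BC862E8DC503A559346F5DCC518'
)

function Find-LeakedNvidiaSignedFile {
    param(
        [Parameter(Mandatory)][string]$Path,                      # directory to scan (assumption)
        [string[]]$Include = @('*.sys', '*.exe', '*.dll')         # file types to check
    )
    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $cert = $sig.SignerCertificate
            # Unsigned files have no signer certificate and are skipped.
            if ($cert -and ($LeakedSerials -contains $cert.SerialNumber.ToUpperInvariant())) {
                [pscustomobject]@{
                    Path     = $_.FullName
                    Serial   = $cert.SerialNumber
                    Subject  = $cert.Subject
                    NotAfter = $cert.NotAfter       # both certificates are expired
                    Status   = $sig.Status
                    SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Scan the driver directory; extend to download and temp folders as needed.
Find-LeakedNvidiaSignedFile -Path "$env:SystemRoot\System32\drivers" |
    Format-Table -AutoSize
```

A match is not proof of malware: genuine Nvidia drivers signed with the same certificates before the leak will also be listed, so triage each hit by path, hash and vendor release.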

That escalated quickly #Lapsus
#Nvidia #LeakedCertificate

Mimikatz https://t.co/TrY6vL2mEE

KDU https://t.co/RDf6bnuArk pic.twitter.com/Jl4tpS5KEr

— Florian Roth ⚡️ (@cyb3rops) March 3, 2022

Those stolen certificates are now expired. However, the Windows operating system and Defender will not prevent drivers signed with those certificates from being loaded. Executables and drivers that carry Nvidia's signature look legitimate from the operating system and security perspective.

As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd

— Bill Demirkapi (@BillDemirkapi) March 3, 2022

According to David Weston, vice president of OS security and enterprise at Microsoft, creating WDAC (Windows Defender Application Control) policies might temporarily mitigate the security risks. With WDAC policies, users can control which Nvidia-signed drivers are loaded by the operating system. However, it is a complicated process for most people.

WDAC policies work on both 10-11 with no hardware requirements down to the home SKU despite some FUD misinformation I have seen so it should be your first choice. Create a policy with the Wizard and then add a deny rule or allow specific versions of Nvidia if you need

— David Weston (DWIZZZLE) (@dwizzzleMSFT) March 3, 2022

Microsoft is expected to block the stolen certificates soon. But this might also break the drivers and Nvidia software that are already installed on systems. Nvidia should publish new drivers and software signed with new certificates, and people should then install them on their systems. After enough adoption of the new drivers and software, Microsoft can revoke the stolen certificates.
