The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company’s old code-signing certificates. Researchers warn the drivers could be used to sign kernel-level malware and load it on systems that have driver signature verification.
The certificates were part of a large cache of files that hackers claim totals 1TB and includes source code and API documentation for GPU drivers. Nvidia confirmed it was the target of an intrusion and that the hackers took “employee passwords and some Nvidia proprietary information,” but did not confirm the size of the data breach.
What happened with the Nvidia data breach?
On February 24 an extortion group calling itself LAPSUS$ claimed publicly that it had administrative access to multiple Nvidia systems for around a week and managed to exfiltrate 1TB of data including hardware schematics, driver source code, firmware, documentation, private tools and SDKs, and “everything about Falcon” — a hardware security technology embedded in Nvidia GPUs that’s meant to prevent those GPUs from being misprogrammed.
More Stories
Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
Security researchers from ExtensionTotal have found nine malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor Read More
Smishing Triad Fuels Surge in Toll Payment Scams in US, UK
A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad Read More
Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
Xanthorox AI, a self-contained system for offensive cyber operations, has emerged on darknet forums Read More
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors
A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty to charges related to cryptocurrency thefts...
DIRNSA Fired
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a...
Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn
Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax...