Cybercriminals are abusing Microsoft’s Trusted Signing service by using the platform’s three-day certificates to code-sign malware. These signed malware are more likely to bypass security filters and can look like legitimate programs. While obtaining certificates via this platform is easier than getting Extended Validation (EV) certificates, researchers assert that the ambiguity over EV certificates has made the Trusted Signing service an attractive alternative for threat actors. Microsoft said it uses threat intelligence monitoring to find and revoke misused certificates and suspend accounts.
Tariff support for health IT launched in South Korea following Trump’s tariff and more briefs
The South Korean government has launched a tariff support center to assist medical device companies with trade challenges, particularly related to U.S. tariffs. Meanwhile, Johnson
