Adobe is revoking a code signing certificate after it determined it was used by cybercriminals to fraudulently validate two malicious applications running on Windows.
Our investigation to date has shown no evidence that any other sensitive information-including Adobe source code or customer, financial or employee data-was compromised.
Brad Arkin, senior director of security for Adobe products and services
Code signing certificates are used to ensure the validity of software. Â A fraudulent certificate enables an attacker to spoof the validity of an application enabling it to evade antivirus and other security software.
Adobe said the utilities â€"Pwdump, which extracts password hashes from Windows and myGeeksmail, a malicious ISAPI filter that can be used to move in a network-came from a single source. Investigators traced the utilities to a compromised build server with access to the Adobe code signing infrastructure.Â
"Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," wrote Brad Arkin, senior director of security for Adobe products and services in a blog post. Â "As a result, we believe the vast majority of users are not at risk."
Adobe plans to revoke the impacted certificate on Oct. 4 for all software code signed after July 10.Â
Arkin said forensics investigators believe the certificate was not used to sign widespread malware and was limited to the two malicious utilities.
"Our investigation to date has shown no evidence that any other sensitive information-including Adobe source code or customer, financial or employee data-was compromised," wrote Arkin.
The revocation of the certificate affects the Windows platform as well as Adobe Muse, Adobe Story AIR applications and Acrobat.com desktop service on Mac operating systems. Consumers will receive automated updates, but IT admins managing Adobe products on the Windows platform will need to install product updates, Adobe said.
Arkin said users should not notice any disturbances in Adobe products while the certificate is revoked. Security teams for organizations operating Adobe products must download and deploy the updates themselves. IT security teams can assess their risk at the Adobe support page.
Andrew Storms, director of security operations at San Francisco-based vulnerability management vendor nCircle, said the list of applications affected by the certificate revocation update is lengthy.Â
"There are a slew of desktop products that all need to be updated," Storms said. "This is a code signing certificate that would be used heavily and an IT admin will have to figure out how to test and deploy the update for everybody."
Affected products include ColdFusion, Flash Media Server and Adobe Application Manager, among others. According to the security bulletin, Adobe is working with VeriSign to revoke the certificate.
"Adobe takes security very seriously, and we are committed to determining how the signatures misusing the Adobe code signing certificate were created given the stringent security measures in place to protect our certificate store and our infrastructure in general," Arkin wrote.
News Director Robert Westervelt contributed to this report.Â
Less than a year after HP shut down Logoworks, its online logo design service, the site is back up and running, albeit this time under new ownership. Â Growth equity firm Oldslip is the new owner, with Daniel Wolfson serving as President of the new Logoworks.
HP Introduces Four New Business Computers
New EPSON Connect Enhancements Make Mobile Printing From Computers, Tablets and Smartphones Easier, More Robust
Your enterprise is like a functioning human body. Like any human being, corporations get introduced to some things they're just not ready for. The body can react adversely to a new medication. Doctors prescribe other medications to counter the side effects. You can do the same for your enterprise when lifting the curtain on Bring Your Own Device (BYOD) â€" a phenomenon that occurs when an employee brings his or her own device to and from work.
Now that the 2012 Small Business Influencer Awards have drawn to a close, we'd like to highlight a few of the media partners who supported the event.
This membership organization is comprised of 10,000 members and subscribers representing more than 100,000 companies in Manhattan. The Manhattan Chamber of Commerce's members are part of one of the largest constituencies in the country, representing approximately 1.6 million US employees and approximately 4.5 million employees globally. Â Vice President and Director of Communications, Laura Bucko, shares a bit more about both the Manhattan Chamber of Commerce and her own passion for small business:
Canadian-based BizLaunch provides small business owners with free educational webinars, seminars, content and templates. BizLaunch has worked with Fortune 500 companies to improve their brand presence with over 100,000 entrepreneurs by providing high quality webinars, seminars, marketing content and training. Â Bizlaunch Founder, Andrew Patricio, has started seven businesses, authored two books, and is an internationally recognized small business expert who has delivered over 100 key note speeches all over the world:
Michelle Mangen applies her knowledge of accounting, social media, and payroll to help small business owners be more productive through her firm, Your Virtual Assistant. Mangen is based in Florida, but services clients all over the country.  She specializes in WordPress services, QuickBooks, social media management, administration services, and Excel spreadsheet creation. She strives to help business owners get more hours in the day by delegating tasks she can assist with:
MyVenturePad, a crowdsourced content community owned by Social Media Today, focuses on topics relating to venture funding and growth. The site offers blog posts, webinars, and podcasts on subjects like raising capital, startups, and technology.  Robin Carey, CEO of MyVenturePad, shares her insight for small business:
Hawkeye Management provides lines of credit to small businesses of $50,000 to $100,000 or more. The company prides itself on its track record: to date, 70% of the business owners who apply for unsecured business credit through Hawkeye have been approved. With an industry average of only 10%, Hawkeye stands out in its ability to connect business owners with the right lenders.  Tom Gazaway, President and CEO of Hawkeye Management, shares his insights:
For those with a passion for research, Research Access is the blog to read. It's the effort of Survey Analytics, which offers an enterprise grade research platform for collecting feedback to enable businesses, governments and consumers to participate and learn from each other. This blog, however, focuses on helping business people who are tasked with marketing research and includes videos, podcasts, and how-to posts on surveys, data tools, and analysis.  Dana Stanley, VP of Marketing for Survey Analytics, answers our questions:
With the world's data usage pushing 80 exabytes per month by 2015 (one exabyte is equal to one billion gigabytes), no doubt a significant percentage of that is located somewhere in your personal files. Whether it is business-related or personal, people and businesses are using more images, video, and large documents than ever before. One of the latest necessities of life is an external hard drive of some kind to back up important data â€" whether that be your businesses' contracts or your spouse's mega-playlist of music.