An alarming growth in malware signed with fraudulently obtained keys and code-signing certificates in order to trick users to download harmful code is prompting Microsoft and Symantec to push for tighter controls in the way the world's certificate authorities issue these keys used in code-signing.
Hundreds of global organizations have been infected by a Russian botnet as part of a cybercrime campaign that could be connected to the mysterious traffic spike that hit the Tor anonymity system in August, security firm Websense says.
Attackers compromised two php.net servers, injecting malicious code into the website, so The PHP Group is resetting passwords for the official website of the PHP programming language. It's also changing php.net's SSL certificate.
And to add insult to injury, you have to download 18GB of... something before the malware phishes for your personal info.