www.crn.com
13.32.27.39  Public Scan

URL: https://www.crn.com/news/security/240148192/bit9-admits-systems-breach-stolen-code-signing-certificates.htm
Submission: On October 05 via api from US — Scanned from DE

Text Content

 


SECURITY NEWS


BIT9 ADMITS SYSTEMS BREACH, STOLEN CODE-SIGNING CERTIFICATES

ROBERT WESTERVELT

FEBRUARY 08, 2013, 05:16 PM EST


Waltham, Mass.-based Bit9 said the intellectual property at the core of its
application whitelisting software was not exposed in the breach. An attacker can
use stolen digital code-signing certificates to create malware that masquerades
as Bit9's product.

"We simply did not follow the best practices we recommend to our customers by
making certain our product was on all physical and virtual machines within
Bit9," wrote Bit9 CEO Patrick Morley in a company blog post announcing the
infiltration.




Morley said the incident stemmed from an "operational oversight," and the
company shared information about the breach with customers before going public
with the announcement. "We failed to install our own product on a handful of
computers within our network," he said.

Any Bit9 customer affected should, at the very least, assume they now have
malware on their systems, said Andrew Storms, director of security operations at
San Francisco-based vulnerability and risk management vendor nCircle. "Revoking
certificates isn't a panacea because it takes time for systems to recognize the
revocation," Storms said. "Naturally, attackers are trying to maximize this
window by using the certificate to deliver whatever they want."






Morley did not disclose details about how the three customers were impacted or
whether they experienced a serious data security breach as a result of the Bit9
breach. The company has revoked the certificate and acquired a new one, Morley
said. Engineers are also preparing an update to stop the execution of any
malware that attempts to use the certificate.

Morley also summarized the company's security processes, indicating that a
security operations center with a full-time staff monitors all system activity.
Regular third-party audits are also conducted, he said.

"We share a common goal with our customers: defending against the malicious type
of activity that caused this incident," Morley wrote. "We are committed to doing
right by our customers and maintaining their full trust and confidence."

PUBLISHED FEB. 8, 2013

This story was updated on Feb. 8, 2013, at 3:30 p.m. PST, to include comments
from nCircle's Andrew Storms made after press time.

