www.crn.com
Open in
urlscan Pro
13.32.27.39
Public Scan
URL:
https://www.crn.com/news/security/240148192/bit9-admits-systems-breach-stolen-code-signing-certificates.htm
Submission: On October 05 via api from US — Scanned from DE
Submission: On October 05 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM/search
<form action="/search" class="d-flex">
<input class="form-control me-2" type="search" name="query" placeholder="Search" aria-label="Search">
<input class="form-control me-2" name="type" value="article" type="hidden">
<input class="form-control me-2" name="type" value="article" type="hidden">
<input class="form-control me-2" name="type" value="article/slideshow" type="hidden">
<input class="form-control me-2" name="type" value="article/channelcast" type="hidden">
<input class="form-control me-2" name="type" value="article/staff" type="hidden">
<input class="form-control me-2" name="limit" value="15" type="hidden">
<button class="btn btn-outline-success" type="submit">Search</button>
</form>
Text Content
* News * Video * Companies * Awards & Lists * Events * Industry Voices * About Close * Sections * All News * Channel News * Cloud * Components & Peripherals * Computing * Data Center * Internet of Things * Managed Services * Networking * Running Your Business * Security * Software * Storage * Virtualization * Watch CRNtv * Editors * Kyle Alspach * Steve Burke * CJ Fairfield * Jennifer Follett * Mark Haranas * David Harris * O'Ryan Johnson * Joseph F. Kovar * Dylan Martin * Wade Tyler Millward * Gina Narcisi * Rick Whiting * Meet the Editors * Calendars * Editorial * High Tech Events * TCC Events * Connect with CRN * CRN Magazine * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN Close * CRNtv * Latest Videos * CRN In Depth * Executive Interviews * Podcasts * Tech Minutes * Vendor Viewpoint * Webinars * CRNtv On Location * Fortinet Secure Network * Google Cloud Next * HP Amplify * Ingram Micro One 2023 * Juniper Partner Advantage * ServiceNow GPES 2023 * XChange August * XChange March * Connect with CRN * CRN Magazine * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN Close * A-G * Accenture * Amazon Web Services * AMD * Apple * AT&T * Broadcom * Cisco Systems * Citrix Systems * Cognizant Technology Solutions * Comcast * CommVault * ConnectWise * CrowdStrike * Datto Inc. * Dell Technologies * DXC Technology * ESET * Fortinet * Google * H-P * Hewlett-Packard Enterprise (HPE) * HPE Aruba Networking * Hitachi Vantara * HP Inc. * IBM Corporation * Ingram Micro Inc. * Intel Corporation * Juniper Networks, Inc. * Kaseya * Lenovo * Microsoft Corporation * NetApp, Inc. * Nutanix * NVIDIA * OpenText * Oracle Corporation * Palo Alto Networks Inc * Pax8 * Pure Storage * R-Z * Red Hat * Salesforce * Samsung * ServiceNow * SonicWALL * Symantec by Broadcom Software * TD SYNNEX * Trellix * Veeam * Verizon Business * VMware, Inc. * Connect with CRN * CRN Magazine * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN Close * A-H * All Rankings * 100 People You Don't Know But Should * Annual Report Card * Big Data 100 * CEO Outlook * Channel Chiefs * Cloud 100 * Data Center 50 * Edge Computing 100 * Emerging Vendors * Fast Growth 150 * I-P * Inclusive Channel Leaders * Internet Of Things 50 * IoT Innovators * Managed Service Provider 500 * Mobile 100 * Next-Gen Solution Provider Leaders * Partner Program Guide * Products Of The Year * R-Z * Rising Female Stars Of The IT Channel * Security 100 * Software-Defined Data Center 50 * Solution Provider 500 * Storage 100 * Tech Elite 250 * Tech Innovators * Triple Crown * Top 100 Executives * Women of the Channel * Apply * Open Solution Provider Applications * Open Vendor Applications * Notify me about CRN Awards * Connect with CRN * CRN Magazine * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN Close * Calendars * Editorial * High Tech Events * TCC Events * Events * Best of Breed Conference * MES * NexGen * Women of the Channel * XChange * Connect with CRN * CRN Magazine * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN Close * 360 Industry Outlooks * Automated IT Operations * Backup and Disaster Recovery * Broadband * Cloud Infrastructure * Cloud Software * Cloud Storage And Collaboration * Cyber Security * Distributed Workforce * Email Security * SaaS Backup * Threat Management * XDR * CloseUps * Broadcom * CyberPower * Grammarly * Intermedia Cloud Communications * Palo Alto Networks * VMware * Vonage * Wasabi * Communities* * AMD & Supermicro Performance Intensive Computing * Cybersecurity as a Service * Dell Enterprise Tech Provider * Fortinet Secure Network Hub * Hitachi Hybrid Cloud Solutions * Inclusive Leadership Network * Lenovo 360 * Sustainable IT Solutions * Women of the Channel Community * Learning Centers* * BlackBerry CyberSecurity * Comcast Business * Eaton * ESET * Logitech * Microsoft Azure * NetApp * Newsrooms * Acronis #CyberFit Summit * CRNtv On Location at XChange * Google * HP * Ingram Micro One 2023 * Juniper * ServiceNow GPES 2023 * Showcases * Top 100 Executives * CRN Showcase * Women of the Channel * Channelcasts * All Channelcasts * Connect with CRN * CRN Magazine * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletter * Licensing CRN *Learning Centers and Communities sponsored by CRN's Partners Close * CRN * About CRN * Contact CRN * CRN Magazine * Code of Ethics * Editorial Calendar * Notify me about CRN Awards * Subscribe to CRN Magazine * Subscribe to CRN Newsletters * Licensing * Media Kit * Send Us A Tip * Watch CRNtv * Editors * Kyle Alspach * Steve Burke * CJ Fairfield * Jennifer Follett * Mark Haranas * David Harris * O'Ryan Johnson * Joseph F. Kovar * Dylan Martin * Wade Tyler Millward * Gina Narcisi * Rick Whiting * Meet the Editors * The Channel Company * Careers * Contact Us * Privacy Policy * Site Map * Terms of Service * CRN Global * CRN UK * CRN Germany * Computing * Channel Partner Insight * CRN Affiliates * CRN Australia * CRN France * CRN India * CRN Italy * CRN Poland Expand All [+] * News * Sections * All News * Channel News * Cloud * Components & Peripherals * Computing * Data Center * Internet of Things * Managed Services * Networking * Running Your Business * Security * Software * Storage * Virtualization * Watch CRNtv * Editors * Kyle Alspach * Steve Burke * CJ Fairfield * Jennifer Follett * Mark Haranas * David Harris * O'Ryan Johnson * Joseph F. Kovar * Dylan Martin * Wade Tyler Millward * Gina Narcisi * Rick Whiting * Meet the Editors * Calendars * Editorial * High Tech Events * TCC Events * Video * CRNtv * Latest Videos * CRN In Depth * Executive Interviews * Podcasts * Tech Minutes * Vendor Viewpoint * Webinars * CRNtv on Location * Fortinet Secure Network * Google Cloud Next * HP Amplify * Ingram Micro One 2023 * Juniper Partner Advantage * ServiceNow GPES 2023 * XChange August * XChange March * Companies * A-G * Accenture * Amazon Web Services * AMD * Apple * AT&T * Broadcom * Cisco Systems * Citrix Systems * Cognizant Technology Solutions * Comcast * CommVault * ConnectWise * CrowdStrike * Datto Inc. * Dell Technologies * DXC Technology * ESET * Fortinet * Google * H-P * Hewlett-Packard Enterprise (HPE) * HPE Aruba Networking * Hitachi Vantara * HP Inc. * IBM Corporation * Ingram Micro Inc. * Intel Corporation * Juniper Networks, Inc. * Kaseya * Lenovo * Microsoft Corporation * NetApp, Inc. * Nutanix * NVIDIA * OpenText * Oracle Corporation * Palo Alto Networks Inc * Pax8 * Pure Storage * R-Z * Red Hat * Salesforce * Samsung * ServiceNow * SonicWALL * Symantec by Broadcom Software * TD SYNNEX * Trellix * Veeam * Verizon Business * VMware, Inc. * Awards & Lists * A-H * All Rankings * 100 People You Don't Know But Should * Annual Report Card * Big Data 100 * CEO Outlook * Channel Chiefs * Cloud 100 * Data Center 50 * Edge Computing 100 * Emerging Vendors * Fast Growth 150 * I-P * Inclusive Channel Leaders * Internet Of Things 50 * IoT Innovators * Managed Service Provider 500 * Mobile 100 * Next-Gen Solution Provider Leaders * Partner Program Guide * Products Of The Year * R-Z * Rising Female Stars Of The IT Channel * Security 100 * Software-Defined Data Center 50 * Solution Provider 500 * Storage 100 * Tech Elite 250 * Tech Innovators * Triple Crown * Top 100 Executives * Women of the Channel * Apply * Open Solution Provider Applications * Open Vendor Applications * Notify me about CRN Awards * Events * Calendars * Editorial * High Tech Events * TCC Events * Events * Best of Breed Conference * MES * NexGen * Women of the Channel * XChange * Industry Voices * 360 Industry Outlooks * Automated IT Operations * Backup and Disaster Recovery * Broadband * Cloud Infrastructure * Cloud Software * Cloud Storage And Collaboration * Cyber Security * Distributed Workforce * Email Security * SaaS Backup * Threat Management * XDR * CloseUps * Broadcom * CyberPower * Grammarly * Intermedia Cloud Communications * VMware * Vonage * Wasabi * Communities* * AMD & Supermicro Performance Intensive Computing * Cybersecurity as a Service * Dell Enterprise Tech Provider * Fortinet Secure Network Hub * Hitachi Hybrid Cloud Solutions * Inclusive Leadership Network * Lenovo 360 * Sustainable IT Solutions * Women of the Channel Community * Learning Centers* * BlackBerry CyberSecurity * Comcast Business * Eaton * ESET * Logitech * Microsoft Azure * NetApp * Newsrooms * Acronis #CyberFit Summit * CRNtv On Location at XChange * Google * HP * Ingram Micro One 2023 * Juniper * ServiceNow GPES 2023 * Showcases * Top 100 Executives * CRN Showcase * Women of the Channel * Channelcasts * All Channelcasts *Learning Centers and Communities sponsored by CRN's Partners * About * CRN * About CRN * Contact CRN * CRN Magazine * Code of Ethics * Editorial Calendar * Notify me about CRN Awards * Open Solution Provider Applications * Open Vendor Applications * Subscribe to CRN Magazine * Subscribe to CRN Newsletters * Licensing * Media Kit * Send Us A Tip * Watch CRNtv * Editors * Kyle Alspach * Steve Burke * CJ Fairfield * Jennifer Follett * Mark Haranas * David Harris * O'Ryan Johnson * Joseph F. Kovar * Dylan Martin * Wade Tyler Millward * Gina Narcisi * Rick Whiting * Meet the Editors * The Channel Company * Careers * Contact Us * Privacy Policy * Site Map * Terms of Service * CRN Global * CRN UK * CRN Germany * Computing * Channel Partner Insight * CRN Affiliates * CRN Australia * CRN France * CRN India * CRN Italy * CRN Poland Advertisement * Home ▸ News ▸ Security ▸ Bit9 Admits Systems Breach, Stolen Code-Signing Certificates SECURITY NEWS BIT9 ADMITS SYSTEMS BREACH, STOLEN CODE-SIGNING CERTIFICATES ROBERT WESTERVELT FEBRUARY 08, 2013, 05:16 PM EST Shares Share Share Tweet Email Share Waltham, Mass.-based Bit9 said the intellectual property at the core of its application whitelisting software was not exposed in the breach. An attacker can use stolen digital code-signing certificates to enable them to create malware that can masquerade as Bit9's product. "We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9," wrote Bit9 CEO Patrick Morley in a company blog post announcing the infiltration. [Related: Data Breach Security From A To Z ] Morley said the incident stemmed from an "operational oversight," and information about the breach was first shared with customers before going public with the announcement. "We failed to install our own product on a handful of computers within our network," he said. Any Bit9 customer affected should, at the very least, assume they now have malware on their systems, said Andrew Storms, director of security operations at San Francisco-based vulnerability and risk management vendor nCircle. "Revoking certificates isn't a panacea because it takes time for systems to recognize the revocation," Storms said. "Naturally, attackers are trying to maximize this window by using the certificate to deliver whatever they want." Advertisement Morley did not disclose details about how the three customers were impacted or whether they experienced a serious data security breach as a result of the Bit9 breach. The company has revoked the certificate and acquired a new one, Morley said. Engineers are also preparing an update to stop the execution of any malware that attempts to use the certificate. Morley also summarized the company's security processes, indicating that a security operation's center with a full-time staff monitors all system activity. Regular third-party audits are also conducted, he said. "We share a common goal with our customers: defending against the malicious type of activity that caused this incident," Morley wrote. "We are committed to doing right by our customers and maintaining their full trust and confidence." PUBLISHED FEB. 8, 2013 This story was updated on Feb. 8, 2013, at 3:30 p.m. PST, to include comments from nCircle's Andrew Storms made after press time. Learn More: Bit9 | Bit9 breach | Bit9 data security breach | whitelisting | breach | security breach | code-signing certificate | stolen code | data breach | Security | Data Breaches RELATED CONTENT Microsoft Cloud Breach Included Theft Of 60,000 State Department Emails: Reports ‘Critical’ Azure Vulnerability Is Another Microsoft Security Debacle: Tenable CEO MOVEit Attacks Could Yield Up To $100M In Extortion Payments: Cyber Firm Microsoft: Cloud Email Breach Still Under ‘Ongoing Investigation’ Microsoft Cloud Email Breach: 5 Things To Know TO TOP Advertisement TRENDING STORIES Google Hires 5 New Execs From AWS, Databricks: Here’s Who | CRN Oracle, Microsoft, SAP, Workday Lead Cloud ERP Market: Gartner | CRN Intel Hits Key Chip-Making Milestone In Gelsinger’s Comeback Plan | CRN The 100 People You Don’t Know But Should 2023 | CRN Tech Company Layoffs In 2023: Cuts Didn’t Stop In Q3 | CRN Advertisement SPONSORED RESOURCES * ESET MSP Program * SD-WAN Solutions from Comcast Business and Masergy * See how HYCU for Jira is different * Dropbox Product Features Overview * Grammarly Keynote - Empowering the AI-Connected Workplace CRN AWARDS Sign up to be notified about CRN awards Sponsored Post CRN MAGAZINE BROWSE SUBSCRIBE LATEST ISSUE HEAR BREAKING CHANNEL NEWS FROM CRN EXPERTS GET THE SCOOP ON TOP INDUSTRY TRENDS Advertisement NEWSLETTER GET THE IT CHANNEL NEWS YOU NEED, RIGHT TO YOUR INBOX. SUBSCRIBE © 2023 The Channel Company. All rights reserved. Subscribe About CRN Contact CRN Ethics Policy The Channel Company Terms & Conditions | Privacy Policy | Cookie Policy | Site Map Follow CRN SEARCH Search Close Advertisement