digital signatures Archives

Winsage

June 4, 2026

ADCS Now Generates Post-Quantum Certificates For Windows

Active Directory Certificate Services (ADCS) now supports the generation of post-quantum certificates, enhancing quantum-safe cryptography within Windows' secure connection protocols. Microsoft has integrated PQ TLS hybrid key exchange into the Windows Transport Layer Security (TLS) stack, providing protection against "Harvest Now, Decrypt Later" attacks. The PQ TLS hybrid key exchange combines traditional cryptographic methods with the NIST ML-KEM algorithm, offering three hybrid combinations: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1_MLKEM1024. This feature is available in preview via the Windows Insider Program and will be rolled out to Windows 11 and Windows Server. Additionally, Windows cryptography APIs now support composite ML-KEM and ML-DSA algorithms, which are NIST-approved standards for key exchange and digital signatures, enhancing security by requiring multiple components to be compromised. Microsoft emphasizes the importance of establishing new Certification Authorities (CAs) for implementing post-quantum certificate issuance, as existing CAs cannot be upgraded. The introduction of ML-DSA support within ADCS allows organizations to counter HNDL risks associated with long-lived data. Organizations are encouraged to inventory their use of public-key cryptography, prioritize systems protecting sensitive data, and test hybrid and composite approaches in non-production environments to facilitate a smooth transition to quantum-safe cryptography.

Winsage

May 24, 2026

Windows Secure Boot certificates start expiring June 24

Windows Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) specification that enhances system security by ensuring only trusted software is loaded during the startup sequence. It verifies the digital signatures of boot components to protect against malicious software and unauthorized access. Key aspects include enhanced security by preventing untrusted code execution, compatibility with various hardware and software configurations, and user control over Secure Boot settings for customization.

Winsage

May 10, 2026

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.

AppWizard

May 6, 2026

Android Apps Get Public Verification System to Stop Supply Chain Attacks

Google has launched an enhanced Binary Transparency initiative for Android to strengthen the ecosystem against supply chain attacks. This initiative builds on the Pixel Binary Transparency framework introduced in October 2021, which ensures Pixel devices operate on verified OS software through a public cryptographic log of factory images. The new initiative aims to address the increasing sophistication of binary supply chain attacks, emphasizing that a binary's digital signature alone is insufficient for guaranteeing its authenticity. Starting May 1, 2026, all production Android applications released by Google will include a cryptographic entry confirming their authenticity. This initiative covers various Google applications and provides a transparent 'Source of Truth' for users to verify the software on their devices. Google is also offering verification tools for users and researchers to confirm the transparency state of supported software types, enhancing user privacy and security.

AppWizard

May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.

AppWizard

May 4, 2026

Google’s got a new tool for making sure your phone is running the Android apps it should

Google is expanding its Binary Transparency initiative, originally focused on verifying Pixel firmware, to include its Android applications and Mainline updates. This initiative aims to enhance user trust by providing a publicly auditable record of all official app and Mainline updates, ensuring that only certified Google-approved releases are documented. The updated system began implementation in May, allowing users to track every officially published Google Android app and Mainline module.

Winsage

May 1, 2026

Microsoft fixes Remote Desktop warnings displaying incorrectly

Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.

Winsage

April 28, 2026

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, making the text difficult to read and buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The problem is part of Microsoft's security enhancements introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns has raised security concerns, particularly by groups like the Russian state-sponsored APT29.

AppWizard

April 13, 2026

Android Fax Apps (2026): Top picks for medical, business and industrial use

In 2026, the top Android fax apps are evaluated based on compliance, reliability, and cost-effectiveness for various sectors. The Municorn Fax App is identified as the best overall due to its unlimited fax sending, HIPAA-compliant infrastructure, and user-friendly interface. iFax is noted for its security features and compliance, making it ideal for healthcare providers, though its pricing can increase with usage. Fax.Plus is recommended for enterprises needing structured workflows and compliance, while eFax is recognized for its brand familiarity and occasional faxing needs. The FAX App is a simple, budget-friendly option for basic faxing tasks. Key factors for ranking include compliance, pricing models, ease of use, scalability, and integration capabilities.

Tech Optimizer

April 1, 2026

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus

Ransomware attackers are increasingly using legitimate IT tools, referred to as the “dual-use dilemma,” to infiltrate systems instead of relying solely on traditional malware. Tools like Process Hacker and IOBit Unlocker, originally designed for troubleshooting, are now being weaponized to disable antivirus software. IOBit Unlocker has been linked to cyber campaigns by LockBit Black 3.0 and Dharma, while Process Hacker is used by Phobos and Makop ransomware operators. These tools have trusted digital signatures, allowing hackers to operate undetected. Ransomware attacks typically follow a kill chain, starting with phishing emails or compromised credentials. Attackers gain SYSTEM-level control using tools like PowerRun or YDArk. The attack unfolds in two phases: first, they use “process killers” to terminate antivirus monitoring, and then they employ tools like Mimikatz to extract passwords and erase logs, complicating tracking efforts. The evolution of ransomware tactics includes the use of Ransomware-as-a-Service (RaaS) kits, such as LockBit 3.0 and BlackCat, which are designed to disable antivirus protections. Future trends may involve AI-assisted methodologies that autonomously determine ways to circumvent security measures, indicating a shift in the security landscape.