Security News

GTC Nvidia teased several updates to its Morpheus AI security framework at GTC this week, and also announced it would make the application framework generally available in April. In addition to releasing a pre-built version of Morpheus, Nvidia will also publish the framework's full source code on GitHub to allow developers to modify Morpheus and build security applications on top of the software.

Code-signing certificate theft - more common than you might think. The compromise of signing certificates is an old technique that's been used in the past by several cybercriminals to sign their malware.

Two of Nvidia's code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered - certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines. Security researchers noted last week that binaries that hadn't been developed by Nvidia, but which had been signed with its stolen certificate to come off like legitimate Nvidia programs, had appeared in the malware sample database VirusTotal.

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling technology. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict," the company said in a security notice.

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. The leak includes two stolen code-signing certificates used by NVIDIA developers to sign their drivers and executables.

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. The leak includes two stolen code-signing certificates used by NVIDIA developers to sign their drivers and executables.

An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems. At least two binaries not developed by Nvidia, but signed this week with its stolen cert, making them appear to be Nvidia programs, have appeared in malware sample database VirusTotal.

More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month. The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday.

Chipmaker giant Nvidia confirms that its network was breached in a cyberattack last week, giving intruders access to proprietary information data and employee login data. In an initial statement last week, Nvidia said it was investigating an incident that reportedly impacted some systems, causing an outage.

The Lapsus$ data extortion group has released what they claim to be data stolen from the Nvidia GPU designer. The first round of messages from Lapsus$ included a leak of what the actor said were hashed passwords of all Nvidia employees and a claim that the company hacked back to encrypt their virtual machine with the data.