Message Image

Cloud Key Management

Back to discussions

Expand all | Collapse all

FYI- Article about 'Micro-Star International Signing Key Stolen'

Marina BregkouMay 22, 2023 09:25:00 AM

Dear members, I'm sharing here with you an article by Bruce Schneier sent to me by my colleague Erik. ...

Thanos VrachnosMay 22, 2023 10:29:00 AM

Thanks for sharing @Marina Bregkou ! Seems that the key management procedures followed where poor ...

1. FYI- Article about 'Micro-Star International Signing Key Stolen'

1 Like
Marina Bregkou
Posted May 22, 2023 09:25:00 AM

Reply Reply Privately
Dear members,

I'm sharing here with you an article by Bruce Schneier sent to me by my colleague Erik.
Article's title: 'Micro-Star International Signing Key Stolen'.

Any thoughts?

Kind regards,
Marina

------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------
2. RE: FYI- Article about 'Micro-Star International Signing Key Stolen'

2 Like
Thanos Vrachnos
Posted May 22, 2023 10:29:00 AM
Edited by Thanos Vrachnos May 22, 2023 10:30:38 AM

Reply Reply Privately
Thanks for sharing @Marina Bregkou ! Seems that the key management procedures followed where poor (key exportable/not-residing in an HSM).

Reminds me of https://techcrunch.com/2023/01/14/circleci-hackers-stole-customer-source-code/

And maybe the stolen MSI key is an indicator of compromise of a larger attack targeting MSI...

------------------------------
Thanos Vrachnos OffensiveOps | PKI & eID Subject-matter Expert
SPEARIT
Greece, Thessaloniki
------------------------------

Original Message

Powered by Higher Logic