This technique, called authenticode stuffing, allows for the insertion of data into a certificate table while keeping the digital signature intact. ScreenConnect abused for initial access ...

After the publication of this article, Dormann told BleepingComputer that threat actors could modify any Authenticode-signed file, including executables (.EXE), to bypass the MoTW security warnings.

Whenever Authenticode encounters a security certificate it can't identify, Internet Explorer displays a visual prompt, warning against the potential dangers of dealing with the site in question.

Researchers from Masaryk University in the Czech Republic and Maryland Cybersecurity Center (MCC) monitored suspicious organizations and identified four that sold Microsoft Authenticode certificates ...