A journalist at IT Pro is covering the latest development in the Nvidia hack, specifically that the company's certificates are being used to sign malware. He's looking for comment from security experts on what this means for businesses, e.g.
- What does signing malware with a legitimate company's certificates mean?
- How could this be used to attack an organisation?
- The certificates are expired - does this affect what a hacker could achieve with the malware?
- What should businesses do to secure against this?
Any responses send them across ASAP as this article is being written at lunchtime.