#digicert — Public Fediverse posts

Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

📢⚠️ Hackers tricked #DigiCert support staff into executing a malicious file, allowing attackers to obtain code-signing certificates later used to sign malware. DigiCert revoked 60 certificates after the breach was reported.

Read: https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#CyberSecurity #Malware #InfoSec #CyberAttack #DataBreach

https://winbuzzer.com/2026/05/06/microsoft-defender-digicert-root-certificates-cerdigent-false-positive-xcxwbn/

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows

https://winbuzzer.com/2026/05/06/microsoft-defender-digicert-root-certificates-cerdigent-false-positive-xcxwbn/

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows

https://winbuzzer.com/2026/05/06/microsoft-defender-digicert-root-certificates-cerdigent-false-positive-xcxwbn/

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows

https://winbuzzer.com/2026/05/06/microsoft-defender-digicert-root-certificates-cerdigent-false-positive-xcxwbn/

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows

https://winbuzzer.com/2026/05/06/microsoft-defender-digicert-root-certificates-cerdigent-false-positive-xcxwbn/

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

#MicrosoftDefender #Microsoft #DigiCert #Cybersecurity #Malware #AntivirusSoftware #WindowsSecurity #ThreatIntelligence #Windows11 #MicrosoftWindows

#MicrosoftDefender wrongly flags #DigiCert certs as #Trojan:Win32/Cerdigent(dot)A!dha

https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/

#cybersecurity #Microsoft

#DigiCert customer support compromised with .scr ZIP attachment 🤷

During our investigation between 2026-04-14 and 2026-04-17, as DigiCert identified certificates potentially affected by the threat actor’s actions, we revoked them. DigiCert revoked 60 certificates issued from the following CAs:

• DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1
• DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
• GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1
• Verokey High Assurance Secure Code EV

https://bugzilla.mozilla.org/show_bug.cgi?id=2033170

#x509 #infosec

The Internet Last Week

* DigiCert CA bundle expiry
https://help.duo.com/s/article/9451
* Various US DoD route updates
https://www.cidr-report.org/cgi-bin/as-report?as=AS306
https://stat.ripe.net/widget/routing-history#resource=306&starttime=2026-03-29
https://www.cidr-report.org/cgi-bin/as-report?as=AS721
https://stat.ripe.net/widget/routing-history#resource=721&starttime=2026-03-29
https://www.cidr-report.org/cgi-bin/as-report?as=AS27064
https://stat.ripe.net/widget/routing-history#resource=27064&starttime=2026-03-29
https://www.cidr-report.org/cgi-bin/as-report?as=AS27065
https://stat.ripe.net/widget/routing-history#resource=27065&starttime=2026-03-29
* Quad9 enables DoH3 and DoQ
https://quad9.net/news/blog/quad9-enables-dns-over-http-3-and-dns-over-quic/

#DigiCert #X509 #BGP #USDoD #Quad9 #DNS

DigiCert Revokes Thousands of SSL Certificates Over Validation Error https://thecyberexpress.com/digicert-ssl-certificates-validation-error/ #CertificateAuthority #TheCyberExpressNews #CybersecurityNews #DomainValidation #CA/BrowserForum #SSLCertificates #TheCyberExpress #Websitesecurity #CyberSecurity? #OnlineSecurity #TechnicalError #FirewallDaily #DataSecurity #DigiCert