Just about the entire internet uses certificate authorities to establish trust. Here, a simple old-school social engineering trick broke this trust and allowed hackers to get signed certificates from DigiCert for their malware.

There is a better way to establish certificate trust that doesn't rely on a 3rd party, and it's free too. It's called DANE, which binds the trust directly to the Domain Name System by using DNSSEC. DANE is ideal for code signing certificates (and other uses), but is overlooked.

This attack is virtually impossible under DANE. A vulnerable support person is of no use. Hackers would need to directly compromise the target's DNS infrastructure, the registrar, and the top-level domain authority. All three. Nearly impossible compared to just finding some dupe at the CA in a public chat room.

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#DANE #CertificateAuthorities #DigiCert

Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware

DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware.

Hackread - Cybersecurity News, Data Breaches, AI and More

#DigiCert and security. 🙁

Criminals are creative, as you can see:

"On 2 April 2026, DigiCert’s support team became the target of a carefully planned attack, which allowed hackers to steal EV Code Signing certificates by simply pretending to be a customer in a help chat."

And what happened next:

"While the company thought the situation was under control by 3 April, a second machine, ENDPOINT2, was also compromised on 4 April. This machine had a malfunctioning CrowdStrike sensor, which created a gap in their Endpoint Detection and Response (EDR), due to which no telemetry data reached the security team to warn them of the breach."

And what does that mean now:

"DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware."

So it is not quite as secure as one would like. Wishing the admins good luck with the updates. 🙂

https://hackread.com/hackers-digicert-issue-certificates-sign-malware/


📢⚠️ Hackers tricked #DigiCert support staff into executing a malicious file, allowing attackers to obtain code-signing certificates later used to sign malware. DigiCert revoked 60 certificates after the breach was reported.

Read: https://hackread.com/hackers-digicert-issue-certificates-sign-malware/

#CyberSecurity #Malware #InfoSec #CyberAttack #DataBreach


#LetsEncrypt has suspended issuing certificates after it identified security issues in one of its roots (!)[^1]

We temporarily disabled certificate issuance, deployed a configuration change to prevent future issuance from the cross-signed Gen Y hierarchy, and then re-enabled issuance. Certificate revocation and CRL generation remains functional for Gen Y certificates.

A few days ago #DigiCert was hacked with a Windows (!) screensaver (!)[^2]

I cannot but remind that both organisations are part of the #WebTrust cartel that last year rolled out a massive “grassroots” smear campaign against EU #QWAC certificates, presenting them as a “security and privacy threat”, whereas from both a legal and a technical point of view QWAC is much more secure:

https://krvtz.net/en/posts/the-real-story-behind-eu-qwac.html

[^1]: https://community.letsencrypt.org/t/2026-05-08-gen-y-cross-certified-subordinate-cas-missing-serverauth-eku/247105

[^2]: https://cybersecuritynews.com/digicert-hacked-screensaver/

The real story behind EU QWAC

In 2023 technical social media were shaken by a wave of criticism of EU QWAC (Qualified Website Authentication Certificate) which, according to the critics, was essentially a tool of mass surveillance.

Infrastructure and Application Security

📢 DigiCert compromised via social engineering: unauthorized issuance of EV Code Signing certificates
📝 ## 🔍 Context

Source: Help Net Security, published 4 May 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-05-08-digicert-compromis-via-ingenierie-sociale-emission-non-autorisee-de-certificats-ev-code-signing/
🌐 source : https://www.helpnetsecurity.com/2026/05/04/digicert-breach-code-signing-certificates-malware/
#Code_Signing #DigiCert #Cyberveille

DigiCert compromised via social engineering: unauthorized issuance of EV Code Signing certificates

🔍 Context Source: Help Net Security, published 4 May 2026. DigiCert is a global certificate authority (CA) specializing in digital trust services, including TLS/SSL certificates, PKI management and IoT security. 🎯 Nature of the attack An unidentified malicious actor carried out a targeted social engineering attack against DigiCert's support channel. The attacker contacted the support team via a customer chat channel and sent a malicious ZIP file disguised as a customer screenshot.

CyberVeille

📢 Microsoft Defender false positives on DigiCert certificates linked to a real breach of the CA
📝 ## 🗓️ Context

Published 3 May 2026 on BleepingComputer by La...
📖 cyberveille : https://cyberveille.ch/posts/2026-05-06-faux-positifs-microsoft-defender-sur-certificats-digicert-lies-a-une-breche-reelle-de-l-ac/
🌐 source : https://www.bleepingcomputer.com/news/security/microsoft-defender-wrongly-flags-digicert-certs-as-trojan-win32-cerdigentadha/
#APT_Q_27 #DigiCert #Cyberveille

Microsoft Defender false positives on DigiCert certificates linked to a real breach of the CA

🗓️ Context Published 3 May 2026 on BleepingComputer by Lawrence Abrams, this article covers two related events: a massive Microsoft Defender false positive on legitimate DigiCert certificates, and the real compromise of the certificate authority DigiCert that led to the fraudulent issuance of EV code signing certificates. 🚨 Microsoft Defender false positives Since 30 April 2026, a Defender signature update (earlier than version 1.449.430.0) began detecting legitimate DigiCert root certificates present in the Windows trust store as Trojan:Win32/Cerdigent.A!dha.

CyberVeille

But it is precisely in certifying such software that the certificate authority #DigiCert has now let itself be duped. And in the most expensive and therefore supposedly most secure category, "Extended Validation" (EV). At least 27 code signing certificates were issued in the name of reputable companies, but for cybercriminals. DigiCert only looked into it after 7 abusive certificates had been reported by third parties over the course of 8 days.
https://mastodon.social/@hrbrmstr/116516180487899285
Any consequences (yet) for #DigiCert?
DigiCert breached via malicious screensaver file - Help Net Security

A security breach at DigiCert enabled attackers to issue code signing certificates later used to sign malware.

Help Net Security