Analyst207May 3

Microsoft Defender Flags DigiCert Certificates as Malware in False Positives

Microsoft Defender's recent signature update mistakenly flagged legitimate DigiCert root certificates as malware, causing widespread alerts and removal of the certificates, and even prompting some users to reinstall Windows. DigiCert quickly revoked the affected certificates within 24 hours of discovery,…

https://osintsights.com/microsoft-defender-flags-digicert-certificates-as-malware-in-false-positives?utm_source=mastodon&utm_medium=social

#FalsePositives #MicrosoftDefender #Digicert #CertificateRevocation #MalwareDetection

Microsoft Defender Flags DigiCert Certificates as Malware in False Positives

Learn how Microsoft Defender's false positives flagged DigiCert certificates as malware and find out the immediate impact on users and systems worldwide now.

OSINTSights
Analyst207Apr 13

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach

OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the…

https://osintsights.com/openai-disrupts-macos-app-signing-process-after-supply-chain-breach?utm_source=mastodon&utm_medium=social

#SupplyChain #Macos #AppSecurity #CertificateRevocation #GithubActions

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach

OpenAI disrupts macOS app signing process after supply chain breach, revoking certificates to protect users, learn more about the incident now.

OSINTSights
Peter MountJul 30, 2024

If anyone uses DigiCert for their certificates, be aware they are revoking a lot of them over the next 24 hours & you need to renew them before then.

https://www.digicert.com/support/certificate-revocation-incident

I'm not affected as I don't use them but this could cause chaos for those that do

#digiCert #certificateRevocation

Certificate Revocation Incident | DigiCert

OPSEC Cybersecurity News LiveMar 16, 2023
Do current browsers still validate CRLs in enterprise PKI environments

https://security.stackexchange.com/questions/269162/do-current-browsers-still-validate-crls-in-enterprise-pki-environments

#publickeyinfrastructure #certificaterevocation
Do current browsers still validate CRLs in enterprise PKI environments

I know that modern web browsers don't check CRLs for certificates from CAs in the default trust store anymore. I also know that there are some exceptions for certificate validation when it comes to

Information Security Stack Exchange
OPSEC Cybersecurity News LiveMar 12, 2023
Does a certificate revocation list (CRL) keep it's entries at least as long as the certificate would have been valid?

https://security.stackexchange.com/questions/269076/does-a-certificate-revocation-list-crl-keep-its-entries-at-least-as-long-as-t

#certificaterevocation #certificateauthority #certificates
Does a certificate revocation list (CRL) keep it's entries at least as long as the certificate would have been valid?

This question is specifically about certificates that should have had a long lifetime, but were revoked quickly. Is every CRL issued by this CA guaranteed to include its revocation, as long as the

Information Security Stack Exchange