A targeted social engineering attack against DigiCert's support channel led to a breach via a malicious ZIP file disguised as a customer screenshot, resulting in the unauthorized issuance of EV Code Signing certificates. The article does not provide a CVSS score, specific affected software versions, fixed versions, or workarounds.
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the support team via a customer chat channel and delivered a malicious ZIP file disguised as a customer screenshot, which contained … More → The post DigiCert breached via malicious screensaver file appeared first on Help Net Security .