DigiCert recently revoked 60 certificates that were fraudulently obtained after a cyberattack on its internal support portal, where hackers exploited a vulnerability to access EV Code Signing certificates. The company has since improved its security measures to prevent similar incidents in the future.
DigiCert's recent incident underscores the critical importance of robust endpoint security and multi-factor authentication. The breach, which led to fraudulent certificate issuance, was exacerbated by malfunctioning security solutions that delayed detection. As a cybersecurity professional, enhancing endpoint protection and enforcing strict access controls, such as multi-factor authentication for all administrative actions, are actionable steps to prevent similar vulnerabilities in your organization.