Getting flooded with Cerdigent alerts after today's Defender TI update? It's a false positive.
Dropped a KQL query on GitHub to hunt the impacted registry keys and triage the noise.
github.com/LeDevK/Cerdige…
#MicrosoftDefender #KQL #SOC
English
itquartz
287 posts
itquartz
@itquartz
#Cybersecurity | #ThreatIntelligence | #PurpleTeam | #SOC
France Katılım Temmuz 2017
902 Takip Edilen69 Takipçiler
Anyone else seeing Microsoft #Defender flagging #DigiCert root certificate registry keys as malware?
We’ve seen reports that Defender signature update from April 30 added a detection called:
Trojan:Win32/Cerdigent.A!dha
In some environments, Defender apparently detected DigiCert Root CA certificate registry entries and removed them from the trust store.
The affected cert hashes mentioned so far:
0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
Example path:
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
There’s also a Reddit comment suggesting Microsoft has started restoring the certs and that admins can check this via Advanced Hunting in Defender:
DeviceRegistryEvents
| where RegistryKey contains "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43"
or RegistryKey contains "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
| where ActionType == "RegistryKeyCreated"
| where Timestamp > datetime(2026-05-03T04:00:00)
| project Timestamp, DeviceName, ActionType, InitiatingProcessFileName
| order by Timestamp desc
On an affected device, this can also be checked with:
certutil -store AuthRoot | findstr -i "digicert"
Could become an annoying day for admins if this spreads
reddit.com/r/cybersecurit…
English
@McGrewSecurity emergency for what ?
What are the consequences of abolishing these certificates?
English
Re: Cerdigent, this also just flagged on a fresh ARM Windows VM I installed weeks ago, so it’s not indicative of an active attack in your environment if you’re seeing it as well.
It is likely some kind of emergency “somewhere” as the normal thing to do would be to revoke and remove these certs through windows update.
kleos@dcchaser3
@McGrewSecurity It's just flagging these Root Digicerts for some reason and labeling it as Cerdigent Affected items: rootcert: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 rootcert: DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
English
🚨🔴 Ça vire au pugilat cette histoire de Pass Numérique piraté avant même sa sortie ! 🤯😬
La vérification d'âge est compromise certainement pour le 1er septembre 2026...
Paul Moore, expert en cybersecurité, a dans sa lancée créée une extension pour Chrome qui dit que vous avez la majorité numérique, contourne la vérification d'âge et donne accès au réseau social...
Je sens que ça va bcp faire couler d'encre encore !
Paul Moore - Security Consultant @Paul_Reviews
Bypassing #EU #AgeVerification using their own infrastructure. I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly. Step 1: Install the extension Step 2: Register an identity (just once) Step 3: Continue using the web as normal The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts". This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring. Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.
Français
@UK_Daniel_Card We had needs at my company like alternative to ilovepdf.
So I vibe coded a full offline alternative to iLovePDF.
€20 + 2 days with Claude Code → full PDF toolkit, no data leaving the machine.
People can stay mad, we’re just shipping.
github.com/LeDevK/pdf-fus…
English
@IntCyberDigest Google drops a “6x less RAM needed” breakthrough right when memory prices spike.
I’m sure it’s 100% about innovation and 0% about timing. 👀
English
‼️ Google just tanked RAM and NAND stocks solving the memory shortage crisis by introducing an algorithm that requires 6x less DRAM and runs 8x faster, with zero accuracy loss.
They call it TurboQuant. Hardware prices are expected to drop even further now.
English
AI in cybersecurity should make life of your skilled security experts easier.
Security professionals capable of operating complex tools are hard to find, and even harder to replace. Their time should be spent on advanced investigations, not repetitive tasks. With Kaspersky Next Expert, AI handles the routine work, reducing cognitive load and accelerating detection and investigation.*
KIRA is here to support your SOC. >> kas.pr/my3h
#KasperskyNextExpert #AI #SOC #ThreatDetection #CyberSecurity
*To access this feature, an additional license and integration with an LLM provider is needed
English
@0x0SojalSec How do you interact with it for chart analysis or code debugging? Do you use Open WebUI?
English
Qwen 3.5 9b Runs on 8GB RAM. Less than Chrome
256K token context, frontier-level reasoning, Native OCR + multimodal, chain-of-thought, image understanding, and multilingual support across 100+ languages,
Beats many 70B+120B models in reasoning.
English
On ne parle pas assez de la facilité monstre d'utilisation de l'intelligence artificielle pour le côté désinformation en Afrique...
Ces dernières semaines je suis à la fois tellement surpris mais aussi apeuré de voir que sur de nombreuses pages, sur fb et tiktok, sont partagés des images et vidéos totalement générées par l'IA, et que les populations africaines prennent pour argent comptant !
Les prochaines élections présidentielles sur le continent sans compter les grands événements sportifs risquent d'être très compliqués !
En attendant rien côté gouvernements africains pour anticiper ces campagnes de désinformation... pire encore aucune éducation à détecter les fausses images/vidéos pour les populations...
Ça va être folklo !
Lors de mes prochaines conférences et prises de parole en Afrique, l'accent sera mis là-dessus !
Français
@ValeryMarchive @hopitaldecannes Bonjour, je n'ai pas saisi l'objectif du thread. Pointez-vous du doigt la communication du CH ? Que cherchez-vous à mettre en évidence ? Qu'elle aurait été la version parfaite de l'histoire si tant est qu'il en existe une ? Vraies questions par de sarcasmes ici.
Français
La #comcrise de l'@hopitaldecannes, suite à la cyberattaque de mi-avril est une énième illustration du chemin qui reste à parcourir en la matière.
Hier, le CH a réagi à la revendication publiée chez #LockBit 3.0, sans la réfuter. #ransomware
Français
itquartz retweetledi
Je souhaite sincèrement et sympathiquement bienvenue 🙂aux milliers des personnes qui chaque jour, en 🇫🇷, rejoignent la cybersécurité. 🙏🏻 de rejoindre un secteur éclatant 😉. Cependant, ayez l'humilité de penser à apprendre la cybersécurité avant de faire des conférences 😱
Neuilly-sur-Seine, France 🇫🇷 Français
Hey @vxunderground Do you plan to make your vx-underground Collection HDD available again? And when? Thank you guys !
English
View my verified achievement from @CertifyGIAC. credly.com/badges/b3693ea…
English
itquartz retweetledi
GhostSec, along with the Stormous #ransomware group, allegedly claims to have gained unauthorized access to Econocom group. They claim to have access to 70GB of company data.
#France #Econocom
#GhostSec #Stormous #databreach #cyberattack
English
A horrific and tragic story, but this can serve as a good example of ACH (analysis of competing hypothesis) with a mix of temporal analysis to remove bias from Intelligence investigations.
English