News 12-09-2022

Latest News in Digital Trust — 2022 Year in Review

Blog Hero Image for Year in review

2022 was a busy year for digital security. In our connected world, threats are increasing, and digital trust has never been more critical so that users have confidence in their digital interactions.

This post will review what occurred this year in digital trust. Additionally, don’t miss our security predictions for 2023.

DigiCert News




  • Microsoft  retired Internet Explorer  June 15. Internet Explorer had been functioning for about  27 years  and Microsoft is retiring it in favor of the newer Microsoft Edge. If users are still going to Internet Explorer, Microsoft plans to temporarily redirect them to Microsoft Edge.
  • Chrome announced a new Root Program  in a blog post in September. Previously, Chrome relied on the Root store on the platform it was running, but with this new move, Chrome will have a consistent, more secure root across all platforms with minimum requirements for all CAs to be trusted in their Root program. We covered the Chrome Root program and its requirements in more detail in our June recap of the CA/Brower Forum:

European standards

  • The E.U. announced its first move for IoT cybersecurity legislation, the first E.U.-wide legislation that will impose cybersecurity rules on manufacturers and enforce massive fines and penalties on manufacturers and developers for failure to comply. For E.U. consumers, this is a major step forward in giving them better purchasing power and trust in their devices. The EU Cyber Resilience Act is currently still being examined by the European Parliament, but once passed manufacturers will have up to two years to enforce compliance.
  • The European Parliament and E.U. Member States reached an agreement on a  directive on measures for a high common level of cybersecurity across the Union  in early May. The existing rules were the first E.U.-wide legislation on cybersecurity; however, an update was needed to offer more digital trust amidst increasing
  • The legislative process for updates to Europe's eID and electronic transactions laws (known as eIDAS2) are in advanced negotiations and expected to move to vote in 2023. One important goal is to foster a Europe-wide eID scheme, with interoperable digital wallets provided by each eID country. The goal is to have 80% of EU citizens regularly using eID by 2030.
  • Switzerland’s Federal Council announced  that the new data protection law will enter into effect on Sept. 1, 2023. The Data Protection Act (DSG) is designed to ensure that Switzerland maintains a high level of data privacy compatible with E.U. regulation for cross-border data transmission to continue without additional requirements.

U.S. standards

  • The White House hosted a meeting with tech industry leaders in October to create a new standard for security labels for IoT devices, planned to launch Spring 2023. This security “nutrition label” will help consumers easily access information about their smart devices, such as vulnerability and interoperability with other products. Learn more.
  • NIST, the U.S. National Institute of Standards and Technology,  outlined what IoT and software security labels could look like. Similar to nutrition labels, these labels would give consumers more information about their purchase, specifically in regard to the privacy and security of the device or software. 
  • President Joe Biden signed the CHIPS and Science Act  into law in early August. The legislation will provide billions in incentives to CHIP manufacturers and will fund public research to help boost the United States’ competitive edge and solve supply chain issues. As CHIP manufacturers move operations to the United States, they should partner with a leader in digital trust capable of helping them inject trust into their silicon and manage it at any stage in the product lifecycle.
  • The  FBI announced they will form a digital currency unit  specializing in blockchain analysis and virtual asset seizure. The announcement comes after the largest virtual asset seizure to date, with the FBI charging a New York couple with laundering over $4.5 billion in bitcoin



  • According to cybersecurity researchers at Proofpoint, hackers have been increasingly finding ways around multi-factor authentication  (MFA), including using phishing kits. Phishing kits  allow attackers to harvest and use credentials and are typically inexpensive. Newer kits enable hackers to steal not only usernames and passwords but also MFA tokens and more.
  • GitHub announced that it will start using code signing  for its npm software packages to protect its open-source registry. The move comes after vulnerabilities like Log4Shell raised concerns that there is no guarantee that open-source packages on npm are built from the same source code that’s published. Code signing builds will authenticate where the software came from, adding another layer of digital trust. 
  • Meta Platforms announced that it would be notified about a million  Facebook users of their account credentials being compromised  after they identified more than 400 malicious Android and iOS apps scamming users to share their login information. Apple and Google have both removed the apps, and Meta says it will be sharing tips to help potential victims avoid compromising their credentials with problematic apps.

Data breaches

  • A recent survey  found that about half of businesses from over a dozen countries have experienced a data breach in the last two years. The study found that data breaches are increasing, and with an increasing threat landscape comes increased costs and resources spent in remediation.
  • Nearly  $2 million worth of NFTs  were stolen in just three hours in an apparent phishing attack. The attack targeted OpenSea users using a vulnerability in the open-source standard underlying most NFT smart contracts. The attackers were able to use valid digital signatures in partially complete contracts but transfer the contract to their own wallets.



  • On July 21, it was publicly confirmed that Entrust suffered a cyberattack  on June 18. Their internal network was breached by a third party, and corporate data was stolen. However, it is not yet known if customer and/or vendor data was stolen. Entrust sent a security notice to their customers on July 6 letting them know of the data breach, saying that “we have found no indication to date that the issue has affected the operation or security of our products and services.”

Click here  to see the whole series on the latest news in digital trust.

Get the IDC whitepaper Digital Trust: The Foundation for Digital Freedom | DigiCert to read more about digital trust—what it is, how it works, and why it must be a strategic initiative for any organization, including yours.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min