Security Experts:

Connect with us

Hi, what are you looking for?


Security Infrastructure

Dutch CA Gemnet Suspends Services Following Cyber Attack

Yet another certificate authority (CA) has added its name to the list of CAs hacked this year.

Yet another certificate authority (CA) has added its name to the list of CAs hacked this year.

Gemnet, a subsidiary of KPN, took its Website taken offline as it investigates the attack. According to a statement by KPN, the “hack of the site has no connection with the issuance and management of Government PKI certificates.”

The incident was made public in a report by Webwereld, which reported that the attacker was able to hack through a phpMyAdmin installation that was not protected by a password. Though few details have been released so far by the company, KPN said the attackers compromised a server. The company is investigating the incident, and said the hacker only had access to “general visitor information.” In the meantime, the Gemnet Website remains down.

This is one of a number security incidents involving CAs this year. Last month, KPN temporarily stopped issuing certificates after concerned were raised about a possible breach. In March, an attacker hit a Comodo affiliate registration authority and stole the username and password for a trusted Comodo partner. Five months later, certificate authority DigiNotar admitted it had been hacked earlier in the year. In the ensuing fallout, browser vendors revoked hundreds of bogus SSL certificates that were issued by DigiNotar. The situation ultimately forced the company to declare bankruptcy in September.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.