Legitimate (according to the rather dubious standards of SSL certificates), but it's not the same certificate they used to use, issued to Tibanne Co.

At least it is the same CA, DigiCert (AFAIK). DigiCert has fairly high standards so they probably examined closely when a different org requested an EV cert for that domain. For what that's worth.

Yes, you're probably right, I just recall very clearly that they had emphasized in all of their security warnings to check for the certificate from Tibanne Co, and the current certificate is not.