The global e-commerce company will pay millions of dollars in two separate lawsuits because of privacy and security violations, the FTC says.
Related Posts
DigiCert to Revoke Thousands of Certificates Following DNS Validation Error
DigiCert, a major certificate authority, will revoke thousands of SSL/TLS certificates because of a Domain Control Verification error. This could affect a lot of websites.
The company discovered that an oversight in the DNS-based verification process affected approximately 0.4% of its applicable domain validations.
The problem stems from DigiCert’s failure to include an underscore prefix in the random value used for CNAME-based domain validation. While seemingly minor, this oversight violates the strict guidelines set by the CA/Browser Forum (CABF) for proper domain control verification.
The CABF Baseline Requirements mandate that when using DNS CNAME records for domain validation, the random value must be prefixed with an underscore character in certain cases.
This requirement ensures that the validation subdomain cannot collide with an actual domain name, even though the chances of such a collision are extremely low.
DigiCert has notified affected customers, who must now replace their certificates within 24 hours. This urgent timeline is due to CABF rules that require non-compliant certificates to be revoked within 24 hours of discovery, without exception.
“Any issue with domain validation is considered a serious issue by CABF and requires immediate action. Failure to comply can result in a distrust of the Certificate Authority. As such, we must revoke all impacted certificates within 24 hours of discovery. No extensions or delays are permitted. We apologize if this causes a business disruption to you and are standing by to assist you with validating your domain and issuing replacement certificates immediately,” DigiCert said.
Impacted customers are advised to:
Log in to their DigiCert CertCentral account
Identify affected certificates
Reissue or rekey the impacted certificates
Complete any additional required validation steps
Install the newly issued SSL/TLS certificates
DigiCert traced the issue back to changes made in their domain validation systems in August 2019. The company’s modernization efforts inadvertently removed a crucial step in its validation process, which went undetected due to limitations in its regression testing.
How to check for Certificate Revocation
Certutil Command-Line Tool: Available on Windows, this tool can verify certificates and CRLs.
certutil -f -urlfetch -verify mycertificatefile.cer
Sending an OCSP Request: Use a tool like OpenSSL to send an OCSP request to the URL obtained in the previous step:
openssl ocsp -issuer issuer.crt -cert cert.crt -url <OCSP_URL>
The post DigiCert to Revoke Thousands of Certificates Following DNS Validation Error appeared first on Cyber Security News.
Beware Of Malicious PDF Files That Mimic As Microsoft 2FA Security Update
Malware authors are exploiting the growing popularity of QR codes to target users through PDF files. These malicious PDFs, often delivered via email disguised as faxes, contain QR codes that trick users into scanning them with their smartphones.
The QR codes can link to malware downloads or to phishing sites cleverly disguised as legitimate sources, such as security updates or SharePoint document links. This approach bypasses traditional email security checks and leverages the trust users place in QR codes for everyday tasks.
Phishing scammers are impersonating the Microsoft login page by utilizing a QR code that redirects users through a benign-looking host (bing.com) to a phishing URL.
The deceptive URL, obfuscated with Base64 encoding, ultimately leads to a login page designed to steal Microsoft account credentials such as the user ID and password.
The phishing page itself is designed to look like the authentic login interface used by Microsoft, which further increases the likelihood of the scam’s success.
Phishing attacks are evolving to use QR codes to trick users into entering their credentials on malicious websites, which can be designed to look like legitimate login pages and may even prefill the username field to increase believability.
Once a user enters their credentials, the attacker can steal them and use them to gain unauthorized access to the user’s email, personal information, and potentially sensitive corporate data.
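A triage check for the redirect pattern described above, as an added example that is not part of the original article: it takes URLs already decoded from QR codes and reports any query parameter that Base64-decodes to a URL on a different host. The trusted-host list, the marker-skipping heuristic and the sample URLs (path, parameter names, hosts) are assumptions constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumption: hosts a mail filter is likely to treat as benign.
TRUSTED_REDIRECTORS = {"bing.com", "www.bing.com"}

def decode_embedded_url(value):
    """Return a URL hidden in a query value as Base64, or None."""
    # Assumption: a short marker may precede the encoded URL, so try
    # skipping 0, 1 or 2 leading characters.
    for skip in range(3):
        chunk = value[skip:]
        chunk += "=" * (-len(chunk) % 4)  # restore stripped padding
        try:
            text = base64.urlsafe_b64decode(chunk).decode("ascii")
        except ValueError:  # malformed Base64 or non-ASCII bytes
            continue
        if text.startswith(("http://", "https://")):
            return text
    return None

def inspect_qr_url(url):
    """List redirect targets hidden in the query string of a QR-code URL."""
    host = (urlsplit(url).hostname or "").lower()
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        hidden = decode_embedded_url(value)
        target = (urlsplit(hidden).hostname or "").lower() if hidden else ""
        if target and target != host:
            findings.append({
                "param": name,
                "target_host": target,
                "via_trusted_host": host in TRUSTED_REDIRECTORS,
            })
    return findings

def b64(url):
    """Encode a sample URL the way the constructed lure below carries it."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

# Constructed samples: the path, parameter names and hosts are made up.
SAMPLES = [
    "https://www.bing.com/r?u=a1" + b64("https://login.example.invalid/ms/signin"),
    "https://www.bing.com/search?q=quarterly+report",
    "https://sharepoint.example.invalid/doc?id=12345",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_qr_url(sample) or "no hidden redirect")
```

A finding with via_trusted_host set is the case the article describes: the visible host passes a reputation check while the real destination sits encoded in a parameter.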
Malicious QR codes can exploit vulnerabilities in mobile device QR scanners to circumvent user consent and carry out harmful actions.
These actions include silently downloading and installing malware, subscribing users to premium SMS services, which results in unexpected charges, or initiating calls to premium rate numbers, which incurs high costs.
Even more serious, QR code exploits can steal login credentials, launch denial-of-service attacks, compromise user networks, and damage the reputation of targeted individuals or organizations.
SonicWall's Indicators of Compromise (IOCs) consist of likely file hashes and URLs suspected to be malicious. The file hashes are represented in hexadecimal format and could be compared to a database of known malicious files to identify potential threats.
The URLs are obfuscated with techniques like character substitution (e.g., ‘r’ for ‘e’).
Decoded, these URLs could lead to phishing sites or malware downloads, while analyzing these IOCs and URLs together can help security professionals detect and prevent cyberattacks.
The post Beware Of Malicious PDF Files That Mimic As Microsoft 2FA Security Update appeared first on Cyber Security News.