
TLS security compromised by CA reliance on outdated WHOIS servers


The researchers reported that more than 135,000 unique systems had been identified communicating with them, and that as of September 4, 2024, 2.5 million queries had been made to these systems. The queries came from a diverse range of entities, including mail servers for government and military domains that use the WHOIS server to look up the domains they receive email from. Several cybersecurity tools and companies were also still relying on this WHOIS server for authoritative information, including VirusTotal, URLSCAN, and Group-IB.

Domain registrars such as GoDaddy and Name.com, online WHOIS and SEO tools, and numerous universities were also found to be querying the old server address. Governments of countries including the US, Ukraine, Israel, India, Pakistan, Bangladesh, Indonesia, Bhutan, the Philippines, and Ethiopia were among those whose systems interacted with the now-rogue WHOIS server.

In response to these concerning findings, the researchers collaborated with the UK’s National Cyber Security Centre and the Shadowserver Foundation to take action. They successfully took control of the dotmobiregistry.net domain and configured it to function as a proxy, providing correct WHOIS responses from whois.nic.mobi. This strategic move aimed to address the issues arising from the continued use of the outdated WHOIS server by various entities.

The researchers emphasized the critical importance of addressing this issue promptly, given the potential security risks associated with relying on an obsolete and compromised WHOIS server. By working alongside cybersecurity experts and organizations, they took proactive steps to mitigate the impact of this alarming discovery. The cooperation between the researchers, the UK’s National Cyber Security Centre, and the Shadowserver Foundation demonstrates a coordinated effort to safeguard against potential cyber threats stemming from the misuse of outdated WHOIS servers.

Moving forward, it is essential for organizations and individuals to stay vigilant and ensure they are using updated and secure systems to protect sensitive information. The incident serves as a reminder of the evolving nature of cybersecurity threats and the imperative need for constant monitoring and proactive measures to safeguard against potential risks. Collaboration between cybersecurity professionals and researchers proves to be a vital tool in addressing and responding to such security concerns effectively.
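A defender-side check for the stale-server problem described above, as an added example that is not from the original article or the researchers: it compares a WHOIS client's TLD-to-server mapping against registry referral records and flags any entry still pointing under dotmobiregistry.net. The whois.conf-style config, the referral text format, and the hostname under dotmobiregistry.net are constructed assumptions.

```python
import re

# Constructed samples: referral records ("key: value") and a whois.conf-style client
# mapping. Only whois.nic.mobi and the dotmobiregistry.net domain come from the article.
SAMPLE_REFERRALS = """\
domain: MOBI
whois:  whois.nic.mobi
domain: EXAMPLE
whois:  whois.nic.example
"""
SAMPLE_CLIENT_CONFIG = """\
\\.mobi$     whois.dotmobiregistry.net
\\.example$  WHOIS.NIC.EXAMPLE.
\\.test$     whois.nic.test
"""
RETIRED_DOMAINS = {"dotmobiregistry.net"}


def norm(host):
    return host.strip().lower().rstrip(".")  # compare case- and trailing-dot-insensitively


def parse_referrals(text):
    """Map each TLD to the WHOIS server named in its referral record."""
    referrals, tld = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "domain":
            tld = norm(value)
        elif key.strip() == "whois" and tld:
            referrals[tld] = norm(value)
    return referrals


def audit(config_text, referrals, retired=RETIRED_DOMAINS):
    """Yield (tld, server, verdict, expected) for each mapping in the client config."""
    for line in config_text.splitlines():
        parts = line.split("#")[0].split()  # drop comments, then split pattern/server
        if len(parts) < 2:
            continue
        tld = norm(re.sub(r"[\\^$]", "", parts[0])).lstrip(".")
        server, expected = norm(parts[1]), referrals.get(tld)
        if any(server == d or server.endswith("." + d) for d in retired):
            verdict = "retired"      # points at a domain the registry no longer uses
        elif expected is None:
            verdict = "unverified"   # no referral record to compare against
        else:
            verdict = "ok" if server == expected else "mismatch"
        yield tld, server, verdict, expected
```

Entries reported as `retired` or `mismatch` are the ones to repoint at the server named in the referral record.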
