Yet another certificate authority (CA) has added its name to the list of CAs hacked this year.
Gemnet, a subsidiary of KPN, took its Website taken offline as it investigates the attack. According to a statement by KPN, the “hack of the site has no connection with the issuance and management of Government PKI certificates.”
The incident was made public in a report by Webwereld, which reported that the attacker was able to hack gemnet.nl through a phpMyAdmin installation that was not protected by a password. Though few details have been released so far by the company, KPN said the attackers compromised a server. The company is investigating the incident, and said the hacker only had access to “general visitor information.” In the meantime, the Gemnet Website remains down.
This is one of a number security incidents involving CAs this year. Last month, KPN temporarily stopped issuing certificates after concerned were raised about a possible breach. In March, an attacker hit a Comodo affiliate registration authority and stole the username and password for a trusted Comodo partner. Five months later, certificate authority DigiNotar admitted it had been hacked earlier in the year. In the ensuing fallout, browser vendors revoked hundreds of bogus SSL certificates that were issued by DigiNotar. The situation ultimately forced the company to declare bankruptcy in September.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Virtual Event Today: Supply Chain & Third-Party Risk Summit
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
