Microsoft has blacklisted a fraudulent SSL certificate the company said could be used to spoof content and perform phishing and man-in-the-middle attacks.
In a security advisory, Microsoft said the SSL certificate, which was issued for the “live.fi” domain, has also been revoked by Comodo, the issuing Certificate Authority (CA). According to Microsoft, the certificate cannot be used to issue other certificates, impersonate other domains or sign code.
“A certificate was improperly issued due to a misconfigured privileged email account on the live.fi domain,” according to the advisory. “An email account was able to be registered for the live.fi domain using a privileged username, which was subsequently used to request an unauthorized certificate for that domain.”
So far, no attacks are known to be taking advantage of the situation, the advisory noted.
An attacker could use the certificates to spoof content and launch attacks against live.fi and www.live.fi, the Microsoft advisory explained.
“Although this issue does not result from an issue in any Microsoft product, we are nevertheless updating the CTL (Certificate Trust List) and providing an update to help protect customers,” according to Microsoft. “Microsoft will continue to investigate this issue and may make future changes to the CTL or release a future update to help protect customers.”
“Certificate Authorities are under constant attack from fraud attempts,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “The problem is we don’t hear about most of the successes. And you don’t have to attack a major global CA to be successful in getting a trusted certificate — for example, there are hundreds of trusted CAs in every iOS device.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
