FlagThis

MasterCard recently corrected a critical DNS error that had gone unnoticed for nearly five years. A misconfiguration in one of their domain name server settings, used to direct internet traffic, could have allowed malicious actors to intercept or divert traffic for the company. The error was a typo where one of their DNS servers was incorrectly configured to use "akam.ne" instead of the correct "akam.net". This mistake potentially exposed them to cyberattacks, as the misconfigured domain could be used to redirect traffic and intercept emails.

The error was discovered by security researcher Philippe Caturegli, founder of Seralys, who noticed the domain "akam.ne" was unregistered. He spent $300 to register it with the top-level domain authority in Niger to prevent cybercriminals from exploiting it. After registering the domain, Caturegli found hundreds of thousands of DNS requests hitting his server daily indicating widespread misconfigurations by others. Caturegli alerted MasterCard about the error, who have since fixed the typo, stating there was no risk to their systems.

ImgSrc: cyberplace.soci

References :

• cyberplace.social: Incredible situation where somebody managed to gain access to Mastercard DNS by registering a domain name - and now there’s a campaign to silence the researcher under the banner “responsible disclosureâ€�.
• krebsonsecurity.com: MasterCard DNS Error Went Unnoticed for Years
• malware.news: The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name.
• www.linkedin.com: MasterCard DNS Error Went Unnoticed for Years

Classification:

• HashTags: #DNS #MasterCard #SecurityIncident
• Company: MasterCard
• Target: MasterCard
• Product: DNS
• Feature: DNS Misconfiguration
• Type: Vulnerability
• Severity: Medium