FlagThis

MasterCard recently corrected a critical DNS error that had gone unnoticed for nearly five years. A misconfiguration in one of their domain name server settings, used to direct internet traffic, could have allowed malicious actors to intercept or divert traffic for the company. The error was a typo where one of their DNS servers was incorrectly configured to use "akam.ne" instead of the correct "akam.net". This mistake potentially exposed them to cyberattacks, as the misconfigured domain could be used to redirect traffic and intercept emails.

The error was discovered by security researcher Philippe Caturegli, founder of Seralys, who noticed the domain "akam.ne" was unregistered. He spent $300 to register it with the top-level domain authority in Niger to prevent cybercriminals from exploiting it. After registering the domain, Caturegli found hundreds of thousands of DNS requests hitting his server daily indicating widespread misconfigurations by others. Caturegli alerted MasterCard about the error, who have since fixed the typo, stating there was no risk to their systems.

ImgSrc: cyberplace.social

References:

• @GossiTheDog - Incredible situation where somebody managed to gain access to Mastercard DNS by registering a domain name - and now there’s a campaign to silence the researcher under the banner “responsi - 1d
• krebsonsecurity.com - MasterCard DNS Error Went Unnoticed for Years - 1d
• Malware Analysis, News and Indicators - Latest topics - The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an - 1d
• www.linkedin.com - MasterCard DNS Error Went Unnoticed for Years - 1d

Classification:

• HashTags: DNS MasterCard SecurityIncident
• Company: MasterCard
• Target: MasterCard
• Product: DNS
• Feature: DNS Misconfiguration
• Type: Vulnerability
• Severity: Medium