Securing Your Domain with CAA Records: Prevent Unauthorized Certificate Issuance
You may have seen a recent post by WatchTowr titled "We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI". The TL;DR is that WatchTowr Labs discovered a major vulnerability in the .MOBI TLD by purchasing an expired WHOIS server domain for $20, which allowed them to control WHOIS queries. They found that many systems, including Certificate Authorities (CAs) responsible for issuing TLS/SSL certificates, were still querying this outdated WHOIS server, which enabled WatchTowr to spoof domain ownership information, namely emails....