Alerts and updates
Subscribe using the DocuSign Trust Center Alerts RSS feed URL: https://www.docusign.com/trust/alerts/feed.
Add an RSS reader extension to your browser (Chrome, Firefox), or enable via Outlook on a PC.
-
07/27/2020On July 14th, 2020, Microsoft released a fix for a Critical Remote Code Execution (RCE) vulnerability (CVE-2020-1350) affecting Windows DNS Servers. In keeping with our security best practices, we would like to assure customers that all impacted roles were immediately patched.
-
07/27/2020The DocuSign CLM and CLM.CM August 20.6 Product Release will be deployed to the PROD environment (NA11, NA21, EU11, EU21) on Friday, August 7, 2020 between 21:00 and Midnight, US Central Time.
We don't anticipate any impact to platform availability during this product release.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions. -
07/13/2020The DocuSign CLM and CLM.CM August 20.6 Product Release will be deployed to the UAT environment on Thursday, July 23, 2020 between 8:00 PM and 11:00 PM, US Central Time.
During this period, access to the UAT environment will be impacted. We apologize for any inconvenience.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions. -
07/11/2020
On 07/09/2020, we published an alert regarding the renewal of three previously issued certificates ahead of schedule due to a change initiated by DigiCert in their ICA infrastructure, revoking the Intermediate Certificate.
We have updated the PROD enforce dates for these three re-provisioned certificates, which are listed below and available on the DocuSign Public Trust site at https://www.docusign.com/trust/compliance/public-certificates:
- The Security Appliance certificate
- The Signed By service certificate
- The DigiCert Intermediate CA certificate
-
07/09/2020
Due to a change initiated by DigiCert in their ICA infrastructure, we're renewing three previously issued certificates ahead of schedule. DigiCert will expire the following current certificates on July 30, 2020.
- The Security Appliance certificate
- The Signed By service certificate
- The DigiCert Intermediate CA certificate.
These three certificates are available with their new offer and enforce dates on the DocuSign Public Trust site at: https://www.docusign.com/trust/compliance/public-certificates.
-
06/16/2020
The DocuSign CLM and CLM.CM June 20.5 Product Release will be deployed to the PROD environments (NA11, NA21, EU11, EU21) on Friday June 26, 2020 between 21:00 and Midnight, US Central Time.
We don't anticipate any impact to availability or access during this Product Release.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions.
-
06/02/2020
Please add DocuSign’s new IP range to your whitelist (192.103.120.1 through 192.103.123.254) to avoid service disruptions. DocuSign will be scaling it’s service to start using this new range starting 6/26/2020. The current ranges still remain valid. DocuSign IP ranges are advertised on https://www.docusign.com/trust/security/esignature.
-
06/01/2020
The DocuSign CLM and CLM.CM June 20.5 Product Release will be deployed to the UAT environment on Thursday, June 11, 2020 between 8:00 PM and 11:00 PM, US Central Time.
We don't anticipate any impact to availability or access during this Product Release.
Release Notes for this upcoming release can be found on the DocuSign Support Center.
Please contact Technical Support if you have any questions.
-
05/27/2020
DocuSign has discovered several new phishing campaigns that spoof DocuSign and are COVID-related. All below campaigns were found in the wild. Details are shared for each below.
- From: "Payment Request via DocuSign" <user[@]puabenefit-pay8645752893[.]info> or <filling[@]serv-docpay873644[.]com>
Reply-to: user[@]doc-pay[.]info
Sent: Thursday, May 21
Subject: "RE: YOUR COVID19 PAYMENT FILLING STATUS" or "COVID-19 HEALTH PAYMENT STATUS" or similar
Link displays as: hxxps://mindscriptstech[.]com/wp-admin/documen0t9853/doc-new/
- From: "DocuSign Via Arnulfo Smitham" <docusign-donot-reply[@]Yourpad[.]com>
Sent: Thursday, May 21
Subject: "Affidavit_for_Covid-19 from Yourpad[.]com" or similar
Link displays as: hxxps://bit[.]ly/3bnBEsw
Links redirects to: hxxps://realestatesproperties[.]estate/x787xe8ruh22@/11d4b7f8a0da369d11a95c2ee2267796/
95aed2504a6a43d4034b22cacbba5607/login.php?cmd=login_submit&id=5aea4dece5073ba5a0f7113d90b4b62
35aea4dece5073ba5a0f7113d90b4b623&session=5aea4dece5073ba5a0f7113d90b4b6235aea4dece5073ba5a0f
7113d90b4b623
- From: "KEVIN WATSON" <grayshillrealty[@]yahoo[.]com>
Sent: Wednesday, May 20
Subject: "Re: Docu sign. :Complete : File NO 8874871 COVID-19 Report ,termi AND HUD approver QWKLDQXPSO" or similiar
Link displays as: No URL was provided in the message
- From: "Payment Request via DocuSign" <user[@]puabenefit-pay8645752893[.]info> or <filling[@]serv-docpay873644[.]com>
-
05/13/2020
DocuSign has observed several new phishing campaigns that spoof DocuSign and are COVID-themed. Details for each are below.
- The email sender appears as "DocuSign" from suspended[@]sign-doc.com, and indicates in the body that your 'docusign account is temporarily suspended.' The subject line is similar to "Your Docusign account is suspended" The emails contain a link to a malicious URL [http]://covid19.protected-forms[.]com/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwhczov
L3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
WduX3J1bl9pZD0zMTQ3MDEw
that leads to [https]://secured-login[.]net/pages/a4daec9595e1/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwh
czovL3NlvY3uVyZWQtbG9naW4ubmV0bL3BhZ2VzL2E0ZGFlYzk1OTVlMSZyZWNpcGllbnRfaWQ9NjE5NTkyMTg5JmNhbXBha
WduX3J1bl9pZD0zMTQ3MDEw.
- The sender again appears as "DocuSign" from carmen.schultz[@]t-online.de. The subject line is similar to "Notification: You have received a document." The email body suggests that the World Health Organization has sent you a document: "COVID-19 impact, situation updates, and policy responses." A malicious URL [https]://storage[.]googleapis[.]com/worldhealthorganization/index[.]html
takes you to
[https]://virtualmallglobal[.]com/documents/login[.]html.
- The email sender appears as "Rebecca Campbell" from jogina[@]randallmorris.com. The subject line is similar to "Completed: Docusign_FinalApproval/Clear to Close the property/Covid-19 Affidavit." This malicious URL [https]://bit[.]ly/39jkv28
takes you to
[https]://realestateescrowdocument[.]estate/x787xe8ruh22@/
8af0a1fdf1fb6005665d2bc4d5fa7c77/2816dde2b84c88df5e1cd134bf
15c431/login[.]php?cmd=login_submit&id=f8b98db5e70b2e47bf110c6e8e9fef69f8b
98db5e70b2e47bf110c6e8e9fef69&session=f8b98db5e70b2e47bf110c6e8e9fef69f8b98db5e70b2e47bf110c6e8e9fef69.
- The email sender appears as "DocuSign via Jimenez: from kjimenez[@]lindsey.com. The body of the email includes the contact Jimenez[@]Keystonetitle.com, claiming that your close time is curbside and scheduled for "1:30pm on 5/013/20." The subject line is similar to "RE: REG 2440 COVID-19 Affidavit and ALTA SETTLEMENT ID no: 244053 , pls sign Thanks." The malicious URL [https]://bit[.]ly/3afxh33
sends you to
[https]://generalbamrealtors[.]com/x787xe8ruh22@/ac8120f50c6ca29c78fbd84cde5ab7d5/28428aa5229cf9c9c1
ba35239609aa0e/login.php?cmd=login_submit&id=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7c
c3b9e97e04eb11&session=76be3a836e56c3ea7cc3b9e97e04eb1176be3a836e56c3ea7cc3b9e97e04eb11.
- The email sender appears as "DocuSign via Maureen Wilkinson" from nrakosy6468720[@]springhillres.com. The subject line is similar to "FWD:2668502 Please DocuSign this document: Change_to_Listing_COFIC-19_2_1211.pdf." The malicious URL [http]://waiting[.]website/3akIIpr
leads you to
[https]://realestatesproperties[.]estate/x787xe8ruh22@/6baadc89159617043965f9e1889224e7/099043c11c86
f05f70d165635ea65814/login.php?cmd=login_submit&id=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89
f4af812573622f86d4485f&session=f1d4c1bb89f4af812573622f86d4485ff1d4c1bb89f4af812573622f86d4485f.
These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete these emails immediately.
For more information on how to spot phishing, please see our Combating Phishing white paper.
- The email sender appears as "DocuSign" from suspended[@]sign-doc.com, and indicates in the body that your 'docusign account is temporarily suspended.' The subject line is similar to "Your Docusign account is suspended" The emails contain a link to a malicious URL [http]://covid19.protected-forms[.]com/XYWNb0aW9uPWqNsaWNrJnfVybD1odddHRwhczov
-
05/07/2020
DocuSign has observed several new phishing campaigns that spoof DocuSign. Details for each are below.
1. The email sender appears as PEUT, Debra (depeut1) from dpeut1[@]eq.edu.au. The subject line is similar to "Internal Revenue Service (COVID-19 Stimulus Check)" The emails contain a link going to anbar.co/scdc/.
2. The email sender appears as DocuSign from dchernoff1[@]comcast.net. The subject line is similar to "Incoming Document Notification." The emails contain a link that takes you to cristianmponce.com/docsign.com-access-document/docusign/login.html.
3. The email sender appears as CU #COVID Electronic Documents via Docusign from betsy[@]austinhomestaging.com, and the name Owen G Kellerman is in the body as the sender. The subject line is similar to "CU #COVID: Document update for app 65799414." The emails contain a link and directs you electronic_documents[@]coronavirus-ctrl.org.
4. The email sender appears as "DocuSign via Tavares Schmitt from hicom-hap6710636[@]cbn.net.id. The subject line is similar to "FWD: 3754013 Please DocuSign this document: Change_to_Listin." The emails contain a link that takes you to waiting.website/34ufmba. Additional names referenced in the body of the email are Deron Rice, Montale Moving Services LLC, Mahwah Movers, Corinne Benvenuto, and Monica Reyes. Additionally, it states that "Rodora signed At Tuesday, May 5, 2020, Deron Rice opened and viewed your documents. Please this document: Change_to_Listing_Covid-19_2_1211.pdf."
These emails are not sent from DocuSign. Do not click on the links in these emails, instead, please forward them to spam@docusign.com and then delete those emails immediately.
For more information on how to spot phishing, please see our Combating Phishing white paper.
-
05/06/2020
DocuSign has observed a new phishing campaign that spoofs DocuSign with a fraudulent invoice notification, designed to harvest your Adobe Cloud credentials. The email appears to come from Mubanga, Chama though the body of the email uses the name Malyangu, Eric. It is using the domain '@plan-international.org.' The emails have the subject line similar to:
"Outstanding Invoice."
The emails contain a link that redirects to what looks like an Excel spreadsheet, but is actually a phishing page. The page itself appears blurred with a message appearing on the page, as a popup, asking recipients for their Adobe account details, including email address and password.
These emails are not sent from DocuSign. Do not click on the link in these emails, instead please forward them to spam@docusign.com and then delete the email immediately.
For more information on how to spot phishing please see our Combating Phishing white paper.