Alerts and updates

  • DocuSign has observed a new phishing campaign that began the morning of July 10th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You have a new document to review and sign"

    These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of June 5th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected]. The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not click the links in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign has observed a new phishing campaign that began the morning of May 8th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice Service" using the email address [email protected]. The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not click the links in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • DocuSign will end TLSv1.0 support in our demo environment effective May 29, 2018. This will help customers plan and test for the end of TLSv1.0 support in our production environment, scheduled for June 25, 2018.

    This action will give customers time to update their integrations before our production environment ends support for TLSv1.0 on June 25, 2018.

    DocuSign’s end of support dates for TLSv1.0 are as follows:

    Environment | TLSv1.0 Deprecation Date
    Demo        | May 29, 2018
    Production  | June 25, 2018

    For more information about TLSv1.0 deprecation, including instructions for testing and updating your browsers, please visit the DocuSign Support article here.

  • To remain PCI DSS compliant after June 30, 2018, all inbound and outbound DocuSign requests are required to deprecate TLS v1.0 connections along with legacy ciphers as noted in our original end of support notice.

    DocuSign Connect listeners that work only with TLS v1.0 will no longer function after DocuSign’s TLSv1.0 deprecation scheduled for June 25, 2018, in our production environment and May 29, 2018, in our demo environment.

    For customers using DocuSign Connect listeners, integration owners should ensure that those listeners can work with TLSv1.1 or higher to avoid any service interruptions after TLSv1.0 support ends.

    For more information about DocuSign Connect, please visit the DocuSign Connect Guide here.

  • DocuSign has observed a new phishing campaign that began the morning of April 27th (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected]. The emails all have the subject:

    "You have received a secure document via Docusign"

    These emails contain a malicious Word document as an attachment, 3873JDSB987391.doc. These emails are not sent from DocuSign. Do not open the attachment in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • To ensure smooth DocuSign support deprecation for TLSv1.0, we have changed the effective date for this change. DocuSign will end TLSv1.0 support effective June 25, 2018. Please refer to the original end of support notice for further details.

    Visit DocuSign’s System Requirements page for information about browsers supported by DocuSign. These browsers will continue to work after the change.

  • DocuSign has observed a new phishing campaign that began the morning of March 22nd, 2018 (Pacific Time). The email purports to come from DocuSign using the email addresses [email protected] and [email protected]. The emails all have the subject:

    "You have received a secure document"

    These emails contain a malicious Word document as an attachment, 9S659EHDCSI72649DS.doc.

    These emails are not sent from DocuSign. Do not open the attachment in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • Following industry best practices, DocuSign will end TLSv1.0 support effective June 25, 2018 (revised from June 30, 2018). This date aligns with the deadline the PCI Security Standards Council has set for companies that wish to remain PCI Data Security Standard (PCI DSS) compliant. Other leading SaaS vendors, including Salesforce, Box, and PayPal, plan to end support for TLSv1.0 in June.

    More information is available here: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

    In addition to retiring the insecure TLSv1.0 protocol, we will also remove a set of cipher suites which are no longer considered secure. This includes ciphers such as 3DES along with a few others that have an insufficient key length to securely encrypt communications.

    The ciphers to be retired include the following:

    · TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

    · TLS_RSA_WITH_3DES_EDE_CBC_SHA 

    · TLS_RSA_WITH_AES_256_GCM_SHA384

    · TLS_RSA_WITH_AES_256_CBC_SHA256

    · TLS_RSA_WITH_AES_256_CBC_SHA 

    · TLS_RSA_WITH_AES_128_GCM_SHA256

    · TLS_RSA_WITH_AES_128_CBC_SHA256 

    · TLS_RSA_WITH_AES_128_CBC_SHA 

    TLSv1.0 and these cipher suites are utilized by a small set of customers to support legacy integrations. These integrations will need to be updated to support secure, modern ciphers, which is often as easy as recompiling the solution with updated libraries. The PCI Security Standards Council has published detailed guidance for migration from SSL/early TLS. It is available here: www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf

    All internet browsers currently supported by DocuSign already default to newer versions of TLS, so this change will go unnoticed by web and mobile users. Please contact DocuSign support with additional questions.

  • DocuSign has observed a new phishing campaign that began the morning of March 6th, 2018 (Pacific Time). The email purports to come from "DocuSign Electronic Signature and Invoice" using the email addresses [email protected] and [email protected]. The emails all have the subjects:

    You received / got invoice from DocuSign Signature Service / DocuSign Electronic Signature Service / DocuSign Service

    These emails contain links to a malicious Word document. These emails are not sent from DocuSign. Do not click the links in these emails; instead, please forward them to [email protected] and then delete the email immediately.

    For more information on how to spot phishing please see our Combating Phishing white paper (3.3 MB)

  • On February 27th, CERT released details about a SAML vulnerability affecting some libraries which may allow an attacker to perform an authentication bypass. More details are available here: https://www.kb.cert.org/vuls/id/475445

    Our security and identity teams immediately investigated this issue in our applications and have confirmed that none of our SAML implementations are vulnerable to this attack.

  • DocuSign has addressed the Spectre and Meltdown vulnerabilities across our service, protecting customers from potential exploitation. Engineering teams have carefully monitored and measured performance during the rollout of these patches and no measurable service degradation has been encountered. Our incident response teams have not seen any indication of attempts to exploit these issues.

    If and when additional patches become available from vendors we will use the same strategy to test, measure and deploy to our service. Providing customers with a secure and reliable service is our top priority at DocuSign.
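
For the TLSv1.0 and cipher-suite retirement notices above (Connect listeners needing TLSv1.1 or higher, and the list of eight retired suites), the following added example, which is not DocuSign code, audits an integration's TLS profile for a version and suite combination that survives the change. The function names, the OpenSSL spellings of the suite names and the sample profiles are assumptions made for illustration; only TLSv1.0 through TLSv1.2 are modelled.

```python
import ssl

# OpenSSL spellings of the eight suites the notice retires (IANA name alongside).
RETIRED = {
    "ECDHE-RSA-DES-CBC3-SHA",  # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    "DES-CBC3-SHA",            # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    "AES256-GCM-SHA384",       # TLS_RSA_WITH_AES_256_GCM_SHA384
    "AES256-SHA256",           # TLS_RSA_WITH_AES_256_CBC_SHA256
    "AES256-SHA",              # TLS_RSA_WITH_AES_256_CBC_SHA
    "AES128-GCM-SHA256",       # TLS_RSA_WITH_AES_128_GCM_SHA256
    "AES128-SHA256",           # TLS_RSA_WITH_AES_128_CBC_SHA256
    "AES128-SHA",              # TLS_RSA_WITH_AES_128_CBC_SHA
}
SURVIVING_VERSIONS = {"TLSv1.1", "TLSv1.2"}  # the notice asks for TLSv1.1 or higher

def needs_tls12(suite):
    """AEAD and SHA-2 MAC suites were introduced with TLSv1.2. Here only suites
    with a SHA-1 MAC (OpenSSL names ending in '-SHA') count as usable under
    TLSv1.1; legacy MD5 suites are deliberately ignored."""
    return not suite.endswith("-SHA")

def audit(versions, suites):
    """Assumed inputs: protocol names and OpenSSL cipher names an endpoint enables.
    'ok' means a version/suite pair remains that the notice does not retire; it
    does not assert which suites DocuSign's servers actually accept."""
    live = set(versions) & SURVIVING_VERSIONS
    remaining = [s for s in suites if s not in RETIRED]
    negotiable = [s for s in remaining
                  if "TLSv1.2" in live or ("TLSv1.1" in live and not needs_tls12(s))]
    return {"ok": bool(negotiable), "live_versions": sorted(live),
            "retired_offered": sorted(set(suites) & RETIRED), "negotiable": negotiable}

def local_suites():
    """Cipher names enabled in this Python's default client context."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]

if __name__ == "__main__":
    # Constructed profiles for illustration, not captured from real integrations.
    profiles = {
        "TLSv1.0 only": ({"TLSv1.0"}, ["AES128-SHA", "DES-CBC3-SHA"]),
        "TLSv1.1, RSA suites only": ({"TLSv1.0", "TLSv1.1"}, ["AES256-SHA", "AES128-SHA"]),
        "TLSv1.1, GCM suite only": ({"TLSv1.1"}, ["ECDHE-RSA-AES128-GCM-SHA256"]),
        "TLSv1.2 with ECDHE": ({"TLSv1.1", "TLSv1.2"}, ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]),
    }
    for name, (v, s) in profiles.items():
        print(name, audit(v, s))
    # Assumes the local stack speaks TLSv1.2, as current Python builds do.
    print("local stack:", audit({"TLSv1.2"}, local_suites()))
```

The second and third profiles show that raising the protocol version alone is not enough: an endpoint on TLSv1.1 that enables only the retired RSA suites, or only a TLSv1.2-era suite, is left with nothing to negotiate.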
