November 15, 2024 at 06:58AM Threat actors have seized over 70,000 domains, targeting well-known brands and government entities due to inadequate domain ownership verification. This highlights vulnerabilities in domain management and the risks associated with lax security measures. The information was reported by SecurityWeek. **Meeting Takeaways:** 1. **Incident Overview:** Over 70,000 domains have been hijacked … Read more
November 14, 2024 at 01:21PM Cybercriminals have exploited a technique called Sitting Ducks to hijack legitimate domains, predominantly for phishing and fraud, affecting nearly 800,000 domains in three months. Infoblox reports that 70,000 domains were hijacked, often using reputable brands, making detection difficult. This ongoing issue poses significant risks for businesses and individuals. ### Meeting … Read more
August 2, 2024 at 05:00AM DNS providers’ inadequate verification of domain ownership puts over one million domains at risk of hijacking, leading to brand impersonation, data theft, malware delivery, and phishing. The “Sitting Ducks” attack, discovered in 2016, continues to be exploited, allowing cybercriminals to hijack domains without detection. Recommendations are provided for domain owners … Read more
August 1, 2024 at 11:00AM A powerful Sitting Ducks attack, exploiting DNS weaknesses, allows malicious actors to stealthily hijack over a million susceptible domains, serving malware and engaging in spam. The attack, more likely to succeed and harder to detect than other hijacking methods, has been utilized by Russian-nexus cybercriminals, posing a significant threat to … Read more
February 27, 2024 at 09:29AM The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs … Read more
February 26, 2024 at 11:01AM A massive ad fraud campaign, “SubdoMailing,” utilizes over 8,000 legitimate internet domains and 13,000 subdomains to send up to 5 million scam and malvertising emails daily, bypassing spam filters and leveraging trusted company domains. Notable companies affected include MSN, VMware, and eBay. The campaign generates revenue through fraudulent ad views … Read more