SEATTLE, WA - Online shopping retail giant Amazon this week seized multiple internet domains that have been utilized by Russian hackers to launch phishing attacks that targeted users of Microsoft’s Windows operating system. Chief Information Security Officer at Amazon, CJ Moses, announced in a blog post that Midnight Blizzard, otherwise known as APT29 – a threat actor directly sponsored by the Russian government – had been targeting government agencies, empires, … [Read more...]
Thousands of “Sitting Duck” Domain Names Highjacked by Russian Cybercriminals
PALM BEACH, FL - A critical vulnerability within the Domain Name System (DNS) has been unearthed and exploited by dozens of cybercriminals and hackers originating from Russia to take over thousands of domain names, according to cybersecurity researchers from Infoblox and Eclypsium. An estimated 30,000 legitimate domains have been hijacked by the digital thieves since 2019, experts say, utilizing a technique known as “Sitting Ducks” that exploits weak DNS services. The … [Read more...]
Experts: Hackers Registered Over 500,000 Domains for Massive Cyber-Attack
SANTA CLARA, CA - Hackers have been around since the debut of the Internet, and over the years they’ve learned a number of underhanded tricks to use on unsuspecting victims; one of the most prolific is registering new domains to use to disseminate malware and conduct fishing attacks – while posing as innocent and trustworthy websites – in order to get the unwary to share sensitive information or download malicious software. That being said, according to cybersecurity … [Read more...]
FIASCO: Multiple Squarespace Domains Hijacked After Security Loophole Exploited
NEW YORK, NY - Last week, multiple organizations with domains registered with Squarespace had their websites hijacked by hackers, with most of the instances primarily targeting cryptocurrency-based businesses, such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. The hijacks took place between July 9 and July 12, and involved Google Domains assets; Squarespace had purchased the Google Domains service in June 2023 – along with approximately 10 … [Read more...]
Ticketmaster Faces Massive Data Breach, Affecting Millions of Users
WEST HOLLYWOOD, CA - Ticketmaster, the ticketing giant, is reeling from a major data breach that may have exposed the personal information of over half a billion users. The notorious hacking group ShinyHunters is claiming responsibility for the attack and is demanding a ransom of $500,000 to prevent the data from being sold. While Ticketmaster has yet to confirm the breach officially, security experts are taking the claims seriously. According to reports, the stolen data … [Read more...]
49 Million Customers Data Affected After Dell Technologies Data Breach
ROUND ROCK, TX - A security incident has come to light, prompting concerns among users. Dell Technologies, a prominent player in the tech industry, disclosed a data breach affecting a substantial number of customers, totaling 49 million. While the breach does not involve sensitive financial or payment data, it nonetheless exposes personal information, including full names, cities, postal codes, and purchase details. Despite seeming innocuous, this data can be exploited by … [Read more...]
Investigation Uncovers 40,000 Phishing Domains Linked To LabHost Scam Operation
UNITED KINGDOM - The LabHost phishing-as-a-service (PhaaS) platform, which had tens of thousands of phishing domains linked to it and thousands of users worldwide, has had its infrastructure completely disrupted and 37 suspects have been arrested – including the original developer – following a year-long global law enforcement operation. Originally launched in 2021, LabHost was a resource for cybercriminals that – for a monthly subscription fee – provided them … [Read more...]
Thousands of Domain Names Owned by Legitimate Brands Hijacked to Send Spam
TEL AVIV - As part of a sophisticated scheme involving spam proliferation and click monetization, over 8,000 domains and 13,000 sub-domains once owned by major, legitimate brands and institutions have been hijacked to allow millions of spam emails to bypass standard security blocks for nefarious gain. This coordinated malicious activity – dubbed “SubdoMailing” – has been going on since at least September 2022, according to Guardio Labs, the Israeli security … [Read more...]
“Prolific Puma” Created 75k Unique Domain Names Since April 2022 Used for Scams
SANTA CLARA, CA - Researchers from security vendor Infoblox have uncovered an actor known as “Prolific Puma” that has been revealed as having provided link shortening services for countless cyber criminals for a span of time of at least four years or longer, an act that has likely been responsible for an immense number of scams targeting innocent people. As an example of how Prolific Puma lives up to the "prolific” part of their name, the actor reportedly … [Read more...]
Threat Intelligence Firm Recommends Blocking All .ZIP Domains Due to Phishing
SUNNYVALE, CA - FortiGuard Labs reports that they have discovered many .ZIP domains are responsible for phishing attacks on users by automatically downloading a malicious executable titled “file.exe” to their computers. Phishing attacks have been a thorn in the side of computer users for years due to the fact that they often are able to camouflage themselves as innocuous programs or prompts that seemingly pose no threat, but in reality can cause a great deal of … [Read more...]
Expert: Blindly Authorizing Doman Listings Can Cause You to Lose Your Domains
TEMPE, AZ - Recently DomainInvesting.com’s Elliot Silver related a tale of an automated e-mail he received from internet domain registrar and web hosting company GoDaddy, listing several domain names that he owned that are listed for sale on a website called Squadhelp, a website where you can buy and sell domains. Silver had previously listed them on Afternic, but had deleted them in favor of Squadhelp. Side note: I had never heard of Squadhelp before, I'll have to check … [Read more...]
Data Breach: Unauthorized Party Accessed DoorDash Customer Information
SAN FRANCISCO, CA - According to recent reports, a new data security incident has surfaced. DoorDash, a popular food delivery app, detected suspicious activity from the computer network of a third-party vendor, and determined the vendor was compromised by a sophisticated phishing attack. According to the report, certain personal information maintained by DoorDash like names, emails, addresses, phone numbers, and even partial payment card info have been affected. If … [Read more...]
Massive Data Breach of Neopets Website Affects 69 Million Users
WEST PALM BEACH, FL - Neopets, a virtual pet and gaming community, has reported a data breach exposing personal information like usernames, passwords, IP addresses, and more of 69 million user accounts. By combining this information, cybercriminals could target users with spam or phishing attempts to access additional personal information which could lead to identity theft. Neopets representatives have published a statement on Twitter addressing the breach. If … [Read more...]
Hundreds of Domains Being Reported in Scam for Free Federal COVID-19 Test Kits
WASHINGTON, D.C. - The federal government launched a new website in January to help distribute free at-home COVID-19 test kits to U.S. citizens; no sooner did this website go live, so did numerous copycat websites, none of which were legitimate, but many sporting very similar URLs in an attempt to run a scam on unsuspecting visitors. In mid-January, the Biden Administration announced a free COVID-19 test kit program, with the kits being distributed via the U.S. Postal … [Read more...]
Data Security Breach At Robinhood Exposes Personal Info Of Customers
PALM BEACH, FL - The Robinhood financial service company has confirmed a data security incident that has exposed full names or email addresses for approximately seven million customers, with a smaller subset having additional personal information revealed. These customers could be targeted with spam, phishing attempts, identity theft and more. No Social Security numbers, bank account numbers or debit card numbers were exposed according to the company. Robinhood … [Read more...]