BATH, UK - More than 4,000 web backdoors that had been abandoned but were still active with live malware were hijacked and their communication infrastructure sinkholed – a term used to describe the process of redirecting malicious traffic to a DNS sinkhole – after web security researchers registered numerous expired domains, preventing them from being used by hackers and cybercriminals. A backdoor is a covert method of bypassing normal authentication or encryption in a … [Read more...]
Hackers Utilizing Russian Domains for Rising Number of Complex Phishing Attacks
REDMOND, WA - Cybersecurity experts have noted a large increase in the number of phishing attacks recently as hackers have been altering their attack avenues in order to work their way around increasingly complex email security systems designed to circumvent their efforts. Both the volume and complexity of malicious emails have been on the rise and are proving to be increasingly able to bypass Secure Email Gateways (SEGs) such as Microsoft and Proofpoint, according … [Read more...]
Amazon Seizes Domains Used by Russian Hackers Targeting Windows Users
SEATTLE, WA - Online shopping retail giant Amazon this week seized multiple internet domains that have been utilized by Russian hackers to launch phishing attacks that targeted users of Microsoft’s Windows operating system. Chief Information Security Officer at Amazon, CJ Moses, announced in a blog post that Midnight Blizzard, otherwise known as APT29 – a threat actor directly sponsored by the Russian government – had been targeting government agencies, empires, … [Read more...]
Senator Demands Domain Registrars Address Russian Influence Operations During 2024 Election
WASHINGTON, D.C. - Senator Mark Warner (D-Va.), Chair of the Senate Intelligence Committee, has issued a demand to several of the top American internet domain registrars to clamp down on the abuse of their services by Russian disinformation actors who he alleged are attempting to interfere with and influence the outcome of the 2024 presidential election. Warner sent a letter earlier in October to several well-known companies in the web domain registering and hosting … [Read more...]
56% Increase In Disaster Recovery Events Related To Microsoft 365 Domains
REDMOND, WA - According to new data released by IT services data protection and security company N-able, 2024 so far has seen a huge uptick in hacking and cyberattacks targeting Microsoft 365 domains, with a 56 percent increase in the number of disaster recovery events among the service’s clients and a large uptick in the number of backups among its partners. Critical Start’s Cyber Research Unit (CRU) issued a report that states the number of cyber alerts in the first … [Read more...]
FBI Shutdown Prolific Ransomware Group “Radar/Dispossessor,” Domains Seized
WASHINGTON, D.C. - The FBI has announced they have shut down a prolific ransomware group known as “Radar/Dispossessor” and seized multiple internet domains and servers utilized by the cyber threat actors, reportedly headed up by an individual known by the code-name “Brain.” As part of the FBI’s enforcement actions, they have dismantled a plethora of servers utilized by Radar/Dispossessor to carry out their ransomware attacks, including three in the United States, … [Read more...]
Thousands of “Sitting Duck” Domain Names Highjacked by Russian Cybercriminals
PALM BEACH, FL - A critical vulnerability within the Domain Name System (DNS) has been unearthed and exploited by dozens of cybercriminals and hackers originating from Russia to take over thousands of domain names, according to cybersecurity researchers from Infoblox and Eclypsium. An estimated 30,000 legitimate domains have been hijacked by the digital thieves since 2019, experts say, utilizing a technique known as “Sitting Ducks” that exploits weak DNS services. The … [Read more...]
Experts: Hackers Registered Over 500,000 Domains for Massive Cyber-Attack
SANTA CLARA, CA - Hackers have been around since the debut of the Internet, and over the years they’ve learned a number of underhanded tricks to use on unsuspecting victims; one of the most prolific is registering new domains to use to disseminate malware and conduct fishing attacks – while posing as innocent and trustworthy websites – in order to get the unwary to share sensitive information or download malicious software. That being said, according to cybersecurity … [Read more...]
FIASCO: Multiple Squarespace Domains Hijacked After Security Loophole Exploited
NEW YORK, NY - Last week, multiple organizations with domains registered with Squarespace had their websites hijacked by hackers, with most of the instances primarily targeting cryptocurrency-based businesses, such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. The hijacks took place between July 9 and July 12, and involved Google Domains assets; Squarespace had purchased the Google Domains service in June 2023 – along with approximately 10 … [Read more...]
AT&T Discloses Major Data Breach Affecting Approximately 70+ Million Accounts
DALLAS, TX - AT&T recently revealed a cybersecurity incident that exposed call and text message records for a significant portion of its customer base. The breach impacted nearly all of AT&T's cellular customers, along with customers of mobile virtual network operators (MVNOs) that utilize AT&T's network. Even some landline customers who interacted with AT&T cellular users during the timeframe are included. While the compromised data doesn't contain the … [Read more...]
Large-Scale Fraud Campaign Utilizes Over 700 Domains to Sell Fraudulent Tickets
CHANDLER, AR - Authorities have discovered that a group behind a widespread internet scam – dubbed “Ticket Heist” – has been utilizing over 700 domain names, registered over the course of over two years, in order to sell fraudulent tickets and hotel accommodations to the Summer Olympic Games in Paris. The operation, which researchers at threat intelligence company QuoIntelligence say seems to primarily target Russian-speaking individuals, has not only offered … [Read more...]
Data Leak Impacts Snowflake Customers, Including Advanced Auto Parts, LendingTree
BOZEMAN, MT - In a significant data breach, several major companies have been impacted due to vulnerabilities in their Snowflake cloud storage accounts. The breach, which came to light in early June 2024, has affected companies like Advanced Auto Parts and LendingTree, among others. Details of the Breach: The breach involved unauthorized access to Snowflake's cloud storage, leading to the theft of vast amounts of data. The hacker, known by the alias "Sp1d3r," has … [Read more...]
Ticketmaster Faces Massive Data Breach, Affecting Millions of Users
WEST HOLLYWOOD, CA - Ticketmaster, the ticketing giant, is reeling from a major data breach that may have exposed the personal information of over half a billion users. The notorious hacking group ShinyHunters is claiming responsibility for the attack and is demanding a ransom of $500,000 to prevent the data from being sold. While Ticketmaster has yet to confirm the breach officially, security experts are taking the claims seriously. According to reports, the stolen data … [Read more...]
Unstoppable Domains & Secret Network Launch “.Secret” Top-Level Domain (TLD)
SAN FRANCISCO, CA - Digital identity provider Unstoppable Domains (UD) and Secret Network, the confidential computing layer of Web3, officially announced on Thursday, May 30 that they have launched the ".Secret" Web3 top-level domain (TLD), which will offer enhanced digital privacy and communication for users within the blockchain community. The .Secret TLD – which will function as both a web address and digital identifier – represents a huge leap in terms of privacy for … [Read more...]
49 Million Customers Data Affected After Dell Technologies Data Breach
ROUND ROCK, TX - A security incident has come to light, prompting concerns among users. Dell Technologies, a prominent player in the tech industry, disclosed a data breach affecting a substantial number of customers, totaling 49 million. While the breach does not involve sensitive financial or payment data, it nonetheless exposes personal information, including full names, cities, postal codes, and purchase details. Despite seeming innocuous, this data can be exploited by … [Read more...]