AUSTRALIA - A South Australian woman narrowly avoided a complete financial disaster after falling victim to a sophisticated business email compromise (BEC) scam that led to the loss of over $800,000. Authorities have since managed to recover a significant portion of the stolen funds, shedding light on the growing threat of cyber fraud in real estate transactions. The victim, who had been in the process of purchasing a property, received what appeared to be a legitimate … [Read more...]
Expired Domains Used by Security Experts to Neutralize Abandoned Web Backdoors
BATH, UK - More than 4,000 web backdoors that had been abandoned but were still active with live malware were hijacked and their communication infrastructure sinkholed – a term used to describe the process of redirecting malicious traffic to a DNS sinkhole – after web security researchers registered numerous expired domains, preventing them from being used by hackers and cybercriminals. A backdoor is a covert method of bypassing normal authentication or encryption in a … [Read more...]
FBI Shutdown Prolific Ransomware Group “Radar/Dispossessor,” Domains Seized
WASHINGTON, D.C. - The FBI has announced they have shut down a prolific ransomware group known as “Radar/Dispossessor” and seized multiple internet domains and servers utilized by the cyber threat actors, reportedly headed up by an individual known by the code-name “Brain.” As part of the FBI’s enforcement actions, they have dismantled a plethora of servers utilized by Radar/Dispossessor to carry out their ransomware attacks, including three in the United States, … [Read more...]
FIASCO: Multiple Squarespace Domains Hijacked After Security Loophole Exploited
NEW YORK, NY - Last week, multiple organizations with domains registered with Squarespace had their websites hijacked by hackers, with most of the instances primarily targeting cryptocurrency-based businesses, such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. The hijacks took place between July 9 and July 12, and involved Google Domains assets; Squarespace had purchased the Google Domains service in June 2023 – along with approximately 10 … [Read more...]
Data Leak Impacts Snowflake Customers, Including Advanced Auto Parts, LendingTree
BOZEMAN, MT - In a significant data breach, several major companies have been impacted due to vulnerabilities in their Snowflake cloud storage accounts. The breach, which came to light in early June 2024, has affected companies like Advanced Auto Parts and LendingTree, among others. Details of the Breach: The breach involved unauthorized access to Snowflake's cloud storage, leading to the theft of vast amounts of data. The hacker, known by the alias "Sp1d3r," has … [Read more...]
Investigation Uncovers 40,000 Phishing Domains Linked To LabHost Scam Operation
UNITED KINGDOM - The LabHost phishing-as-a-service (PhaaS) platform, which had tens of thousands of phishing domains linked to it and thousands of users worldwide, has had its infrastructure completely disrupted and 37 suspects have been arrested – including the original developer – following a year-long global law enforcement operation. Originally launched in 2021, LabHost was a resource for cybercriminals that – for a monthly subscription fee – provided them … [Read more...]
My.box Inc. Announces Groundbreaking “Future of Digital ID” With “.Box” Domain
CAYMAN ISLANDS - My.box Inc. has announced what they referred to as the groundbreaking “future of digital identity” in the domain name industry: the impending launch of their new “.box” domain, which they tout as the first-ever blockchain native, DNS-routable domain supported by browsers, email, and digital wallets. According to a statement released by My.box Inc. Founder Josh Brandley, the .box domain enables users to integrate multiple aspects of their online identities … [Read more...]
Recently Discovered October 2023 Xfinity Hack Affects Nearly 36 Million Customers
PHILADELPHIA, PA - Leading internet service provider, Xfinity, recently released information regarding a major data breach that is expected to have affected millions of customers. The offenders exploited a vulnerability left by a patch, causing unauthorized access to software provider Citrix, a system used by Xfinity. It is important for Xfinity users to amend their usernames and passwords in response to this breach, even if their data has not been directly exposed. While … [Read more...]
Amazingly Convincing Facebook Phishing Scam Takes Place on Facebook.com Itself
PALM BEACH, FL – I have been reviewing and writing about email phishing scams for years and I have seen a ton of them, from outright laughable in their easy discoverability to incredibly convincing, but this latest one I must write about because its one of the most convincing I have ever seen, and it has been happening for over a year now. I know it well as I once fell for it. The reason this is one of the most convincing I’ve ever seen is because unlike most phishing … [Read more...]
Think Your Domains Are Safe by Using Two Factor Authentication? Think Again
PALM BEACH, FL – Sometimes I read stories that really make me think (and worry). For those who have great domains under management, you might feel super-safe by using “two factor authentications”, where your mobile device is used to verify each login you make to your registry account by sending you a text message for confirmation. I’ve often thought how horrible it might be if someone got control of my mobile device and was able to use it to verify an account change … [Read more...]
Big Deal: Another Popular WordPress Plugin Purchased by Nefarious User
NEW YORK - A few months ago in September, I wrote about a plugin (Display Widgets Plugin) which was sold to someone who used it to compromise over 200,000 websites as that’s about how many installs it had and sites it targeted with compromising intentions. Well, it was a big deal then and it’s an even bigger deal now because it has come to light that this same tactic of acquisition has been used yet again, with (Captcha Plugin) to compromise 300,000 sites. According to … [Read more...]
New Threat to WordPress Sites Designed to Bypass All Ordinary Security Measures
NEW YORK, NY - It seems like a new security threat is born each day; maybe that is because there is. For those who operate WordPress sites, including myself, there is a new threat to consider that is designed to bypass ordinary security measures; a simple back door, you have already left wide-open, by choice. WordPress Plugins are great additions to any WordPress site as they create all sorts of easy plug-and-play options and make often complicated features simple to … [Read more...]
No More Procrastinating on Two Factor Authenticating Protect Your Domains
There is one thing that can come between you and your business regardless of whom you are and how safe you feel your security procedures might be and that’s theft – especially in the domain business. There is a lot that can go wrong in the Internet business as it is, but likely nothing would be as bad as someone stealing your entire Internet address. Poof, all the sudden your entire business is gone. In a brick-and-motor business, it’s not likely that someone will come along … [Read more...]