SANTA CLARA, CA - Hackers have been around since the debut of the Internet, and over the years they’ve learned a number of underhanded tricks to use on unsuspecting victims; one of the most prolific is registering new domains to use to disseminate malware and conduct fishing attacks – while posing as innocent and trustworthy websites – in order to get the unwary to share sensitive information or download malicious software. That being said, according to cybersecurity … [Read more...]
FIASCO: Multiple Squarespace Domains Hijacked After Security Loophole Exploited
NEW YORK, NY - Last week, multiple organizations with domains registered with Squarespace had their websites hijacked by hackers, with most of the instances primarily targeting cryptocurrency-based businesses, such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. The hijacks took place between July 9 and July 12, and involved Google Domains assets; Squarespace had purchased the Google Domains service in June 2023 – along with approximately 10 … [Read more...]
Unstoppable Domains & Secret Network Launch “.Secret” Top-Level Domain (TLD)
SAN FRANCISCO, CA - Digital identity provider Unstoppable Domains (UD) and Secret Network, the confidential computing layer of Web3, officially announced on Thursday, May 30 that they have launched the ".Secret" Web3 top-level domain (TLD), which will offer enhanced digital privacy and communication for users within the blockchain community. The .Secret TLD – which will function as both a web address and digital identifier – represents a huge leap in terms of privacy for … [Read more...]
Omni Hotels & Resorts Suffers Breach, Potentially Impacting Millions
DALLAS, TX - Last month, Omni Hotels & Resorts, a prominent hotel chain, experienced a cybersecurity breach that resulted in the theft of customer information. In an update on their website, Omni confirmed that the stolen data includes customer names, email addresses, postal addresses, and guest loyalty program information. However, financial information and Social Security numbers were not compromised. The breach was detected on March 29, prompting Omni to shut down … [Read more...]
What Is Geofencing And How Does It Work?
FLORIDA - Geofencing is a location-based technology that creates virtual boundaries around a specific geographic area. These boundaries are defined by GPS, RFID, Wi-Fi, or cellular data. When a device, typically a smartphone or GPS-enabled device, enters or exits the predefined geographic area, it triggers a response or action. Here's how geofencing typically works: Imagine a virtual fence you can draw around any area, like your competitor's dealership or even … [Read more...]
Thousands of Domain Names Owned by Legitimate Brands Hijacked to Send Spam
TEL AVIV - As part of a sophisticated scheme involving spam proliferation and click monetization, over 8,000 domains and 13,000 sub-domains once owned by major, legitimate brands and institutions have been hijacked to allow millions of spam emails to bypass standard security blocks for nefarious gain. This coordinated malicious activity – dubbed “SubdoMailing” – has been going on since at least September 2022, according to Guardio Labs, the Israeli security … [Read more...]
10 Billion Connections to Malicious Domains Blocked by NSA in 2023 via “PDNS”
WASHINGTON, D.C. - The National Security Agency (NSA) noted that 10 billion user connections to known malicious or suspicious domains were blocked over the course of the past year as part of the agency’s efforts, according to its 2023 Cybersecurity Year in Review report released on Tuesday. The NSA‘s annual report is a public account of the agency’s work with government partners, defense industrial base (DIB) entities, and foreign partners to help keep the nation secure, … [Read more...]
“Prolific Puma” Created 75k Unique Domain Names Since April 2022 Used for Scams
SANTA CLARA, CA - Researchers from security vendor Infoblox have uncovered an actor known as “Prolific Puma” that has been revealed as having provided link shortening services for countless cyber criminals for a span of time of at least four years or longer, an act that has likely been responsible for an immense number of scams targeting innocent people. As an example of how Prolific Puma lives up to the "prolific” part of their name, the actor reportedly … [Read more...]
FEDs Seize 17 Domains Suspected of Being Used for Fraud in U.S. by North Korea
WASHINGTON, D.C. - On Wednesday, the United States Justice Department announced it has seized 17 website domains utilized by North Korean information technology (IT) workers to purportedly evade government sanctions, conduct cyberattacks and defraud U.S. businesses, with the millions of dollars in illicit proceeds generated from such activities being used to fund North Korea's weapon development program. The Justice Department confirmed in a statement that the … [Read more...]
Popular Domain Name Software BIND Patched to Correct Severe Vulnerabilities
NEWMARKET, NH - In an effort to address what has been referred to as “severe security vulnerabilities,” the nonprofit Internet Systems Consortium (ISC) has released a series of patches for multiple versions of BIND 9, a popular suite of software utilized for interacting with the Domain Name System (DNS). The issues with BIND – which stands for Berkeley Internet Name Domain – were uncovered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and … [Read more...]
PharMerica Discloses Data Breach That Exposes Info of Nearly 6 Million People
LOUISVILLE, KY - PharMerica, a national pharmacy network owned by BrightSpring Health, has informed nearly 6 million of their members that Social Security numbers, names, birthdates, medical information, and more was exposed in a data breach. The information was stolen between March 12 and March 13. If exploited, cybercriminals can use this information to commit identity theft. On March 14, 2023, we learned of suspicious activity on our computer network. Upon discovering … [Read more...]
NextGen Healthcare Confirms Breach Of Over 1 Million Individuals’ Personal Info
ATLANTA, GA - A security incident has surfaced and you may or may not have been affected. NextGen Healthcare, a healthcare solutions provider, suffered a data breach that exposed the personal information of over 1 million individuals. According to the company, Hackers had access to NextGen systems from March 29 to April 14, 2023, compromising personal information such as full names, addresses, birthdates, and social security numbers. If exploited, cybercriminals can use … [Read more...]
Critical Vulnerability Exposes over 700,000 Sites Using WP Divi, Extra, and Divi Builder
WEST PALM BEACH, FL - This morning, the Wordfence Threat Intelligence Team published details about a critical vulnerability discovered in two themes by Elegant Themes, Divi and Extra, as well as the Divi Builder plugin. Combined, these products are installed on an estimated 700,000 sites. Elegant Themes provides some of the most popular WordPress themes in the world and includes a visual page builder. We initially reached out to Elegant Themes on July 23, 2020 and, … [Read more...]
How Expired Domain Names Have Been Used to Redirect to Malicious Websites
WEST PALM BEACH, FL - Expired domains or domain names which have not been renewed by their previous owner are encountered by all of us often – most times we just don’t notice it. When we do, we open a website only to find out it no longer exists. We are redirected to a site with links on it, or it showcases a sales page for auction of the domain name. These types of websites are generally considered harmless, but recent research proves otherwise. In a report released by … [Read more...]