Insights

31 Jul

Don’t Let Your Domain Name Become a “Sitting Duck”

Information, Insights

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet…

Read More
30 Jul

DigiCert Certificate Revocations

Attacks, Insights, Malware

DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication. DigiCert has notified affected customers and provided instructions on how to replace non-compliant certificates. CISA urges DigiCert customers to check their DigiCert account to view any non-compliant certificates and…

Read More
26 Jul

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Information, Insights

Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google had blocked. “In…

Read More
25 Jul

FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity

Attacks, Insights, Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organizations: U.S. Cyber National Mission Force (CNMF); U.S. Department of Defense Cyber Crime Center (DC3); U.S. National Security Agency (NSA); Republic of Korea’s National Intelligence Service (NIS); Republic of Korea’s National Police Agency (NPA); and United Kingdom’s National Cyber…

Read More
23 Jul

Phish-Friendly Domain Registry “.top” Put on Notice

Information, Insights

The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.” Image:…

Read More
19 Jul

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

Information, Insights

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis. A photo taken at San Jose International Airport today shows the dreaded Microsoft “Blue…

Read More
19 Jul

Widespread IT Outage Due to CrowdStrike Update

Attacks, Insights, Malware

Note: CISA will update this Alert with more information as it becomes available. Update 7:30 p.m., EDT, July 19, 2024:  The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.  For additional information: Update from the United Kingdom’s National Cyber Security Centre (NCSC-UK) Update from the Australian Cyber Security Centre (ACSC) Update from the Canadian Centre for Cyber Security (CCCS) Threat actors continue to use the widespread IT outage for phishing…

Read More
18 Jul

Ivanti Releases Security Updates for Endpoint Manager

Attacks, Insights, Malware

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Security Advisory EPM Security Advisory Ivanti Endpoint Manager for Mobile (EPMM)

Read More
18 Jul

Oracle Releases Critical Patch Update Advisory for July 2024

Attacks, Insights, Malware

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  July 2024 Critical Patch Update Advisory

Read More
15 Jul

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Data Breaches, Information, Insights

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option…

Read More