Swiss tax authority forced to buy Bahamas domain name after URL typo
What do you do if a web address you printed on a physical flyer contains a typo, and you send that flyer to more than 100,000 households? Well, if you're
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
We recently performed research that started off "well-intentioned" (or as well-intentioned as we ever are) - to make vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers exploitable in the real world (i.e. without needing to MITM etc). As part of our research, we discovered that a few years ago the WHOIS server for the .MOBI TLD migrated from whois.dotmobiregistry.net to whois.nic.mobi – and the dotmobiregistry.net domain had been left to expire seemingly in December 2023.
ICANN approves use of .internal domain for your network
Vint Cerf revealed Google already uses the string, as do plenty of others
Don’t Let Your Domain Name Become a “Sitting Duck”
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars,…
Mail in the middle – a tool to automate spear phishing campaigns
The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.
How a tiny Pacific Island became the global capital of cybercrime | MIT Technology Review
Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.
File Archiver In The Browser
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.
Nothing Has Changed: Website Retailers Selling Domains Meant for Illicit Goods and Services, Digital Citizens Alliance Investigation Finds
Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to...
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.
Nothing Has Changed: Website Retailers Selling Domains Meant for Illicit Goods and Services, Digital Citizens Alliance Investigation Finds
Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to...
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Nothing Has Changed: Website Retailers Selling Domains Meant for Illicit Goods and Services, Digital Citizens Alliance Investigation Finds
Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to...
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). - GitHub - Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).