Domain

Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique

Aug 1, 2024 by iHash Leave a Comment

Aug 01, 2024Ravie LakshmananVulnerability / Threat Intelligence Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, … [Read more...] about Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Jul 31, 2024 by iHash Leave a Comment

Jul 31, 2024Ravie LakshmananWeb Security / Compliance Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper … [Read more...] about DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Active Directory Domain Compromised in Under 24 Hours

Jan 12, 2023 by iHash Leave a Comment

Jan 12, 2023Ravie LakshmananActive Directory / Malware A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a routine of recon commands, … [Read more...] about Active Directory Domain Compromised in Under 24 Hours

Detect domain generation algorithm (DGA) activity with new Kibana integration

Jun 16, 2022 by iHash Leave a Comment

Searching for a way to help protect your network from potential domain generation algorithm (DGA) attacks? Look no further — a DGA detection package is now available in the Integrations app in Kibana. In a single click, users can install and start using the DGA model and associated assets, including ingest pipeline configurations, anomaly detection jobs, and detection rules. … [Read more...] about Detect domain generation algorithm (DGA) activity with new Kibana integration

noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise

Jan 13, 2022 by iHash Leave a Comment

What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) … [Read more...] about noPac Exploit: Microsoft AD Flaw May Lead to Total Domain Compromise

Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers

Dec 22, 2021 by iHash Leave a Comment

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw … [Read more...] about Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

Sep 23, 2021 by iHash Leave a Comment

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in … [Read more...] about Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

Dec 7, 2020 by iHash Leave a Comment

21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers … [Read more...] about How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

Leading Web Domain Name Registrars Disclose Data Breach

Oct 31, 2019 by iHash Leave a Comment

Another day, another massive data breach—this time affecting a leading web technology company, as well as both of its subsidiaries, from where millions of customers around the world have purchased domain names for their websites.The world's top domain registrars Web.com, Network Solutions, and Register.com disclosed a security breach that may have resulted in the theft of … [Read more...] about Leading Web Domain Name Registrars Disclose Data Breach

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54