Tag Archives: attacks

Domain names are getting hijacked undetected by Sitting Ducks attacks. The attack occurs without compromising the linked account, which the DNS provider should secure. The damage the attack causes can be extensive: cybercriminals are given the opportunity to spread malware and phishing under the domain name.

DNS providers are the target of Sitting Ducks attacks. Such attacks allow cybercriminals to hijack domain names and then abuse them. Abuse can take the form of malware, phishing campaigns, brand impersonation and data exfiltration. A Cobalt Strike would have already been illegally distributed in this way.

Researchers at Infoblox and Eclypsium investigated this method of attack and discovered active abuse at several DNS providers. This provider shares in…

A recent discovery has unveiled vulnerabilities in multiple hosted, outbound SMTP servers, allowing authenticated users and certain trusted networks to send emails with spoofed sender information.

These vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in the authentication and verification mechanisms provided by Sender Policy Framework (SPF) and Domain Key Identified Mail (DKIM).

Domain-based Message Authentication, Reporting, and Conformance (DMARC), which builds on SPF and DKIM, is circumvented, enabling attackers to bypass security measures and spoof sender identities.

Technical Description of the Vulnerabilities

The vulnerabilities stem from the SMTP protocol’s inherent insecurity, as outlined in RFC 5321 #7.1. SPF…

Members of the European Union are currently taking part in elections to the European Parliament, presenting a prime opportunity for hacktivists to perform Distributed Denial of Service (DDoS) attacks against political parties across the spectrum.

At time of writing, 8 of the 27 EU members have completed counting their votes, with the preliminary results and exit polls showing gains for right-wing parties.

Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.

The “Share Update” feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates. 

North Korean state-sponsored threat actors were observed using the recently discovered ScreenConnect vulnerabilities to steal sensitive data from their targets. 

A new report from Kroll shared with TechRadar Pro found a group known as Kimsuky (AKA Thallium) abused two flaws found in ConnectWise’s solution to drop ToddleShark, an upgraded version of the group’s other backdoors, BabyShark and ReconShark.