Don’t Let Your Domain Name Become a “Sitting Duck”

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Continue reading Don’t Let Your Domain Name Become a “Sitting Duck”

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More » Continue reading Researchers Quietly Cracked Zeppelin Ransomware Keys

DigitalOcean’s IPO filing shows a two-class cloud market

This morning DigitalOcean, a provider of cloud computing services to SMBs, filed to go public. The company intends to list on the New York Stock Exchange (NYSE) under the ticker symbol “DOCN.” DigitalOcean’s offering comes amidst a hot streak for tech IPOs, and valuations that are stretched by historical norms. The cloud hosting company was […] Continue reading DigitalOcean’s IPO filing shows a two-class cloud market

Digital Ocean Minds its MANRS Alongside Other Service Providers

Digital Ocean has become the latest service provider to join a Mutually Agreed Norms for Routing Security (MANRS) initiative, led by content delivery networks (CDNs) and cloud service providers, to reduce common routing security threats. Barry Cooks, … Continue reading Digital Ocean Minds its MANRS Alongside Other Service Providers

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com, the world’s largest domain name registrar, KrebsOnSecurity has learned.

Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains registered through GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world’s most trusted corporate names and brands. Continue reading Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years

vDOS — a so-called “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.

The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States.

The vDOS database, obtained by KrebsOnSecurity.com, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States.

The vDOS database, obtained by KrebsOnSecurity.com, points to two young men in Israel as the principle owners and masterminds of the attack service, with support services coming from several young hackers in the United States. Continue reading Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years