Domain – Page 12 – WindowsTechs.com

Report: Zoho’s domain regularly exploited to move keylogger data

Posted on October 2, 2018 by Zaid Shoorbajee

After a messy domain takedown last week in response to phishing complaints, new research suggests that an Indian IT company’s domain is being exploited to exfiltrate the bulk of keylogger data collected by malicious programs. Zoho, an Indian company that provides office tools and IT management platforms, had its domain taken down temporarily last week as a result of complaints about phishing abuse. Domain registrar TierraNet told ZDNet that it took down the domain after repeatedly asking Zoho to mitigate the phishing issues. Zoho’s domain has since been brought back online, but anyone using Zoho was out of luck while it was down. A report released Tuesday by Cofense, a company that provides phishing protection services, suggests that the complaints of abuse were not unfounded. Cofense says that, based on an analysis of keylogger data theft where email is used for to exfiltrate the data, domains owned by Zoho account for moving […]

The post Report: Zoho’s domain regularly exploited to move keylogger data appeared first on Cyberscoop.

Continue reading Report: Zoho’s domain regularly exploited to move keylogger data→

Smashing Security #097: Dash cam surveillance, robocall plague, and Zoho woe

Posted on September 27, 2018 by Graham Cluley

Why was Zoho’s website taken offline by its own domain registrar? How are dash cams making you less secure? And why are robocalls on the rise in the United States?
All this and much more is discussed in the latest edition of the award-winning “Smashing… Continue reading Smashing Security #097: Dash cam surveillance, robocall plague, and Zoho woe→

How to find accounts in leaked databases based on the domain name?

Posted on September 20, 2018 by Bob Ortiz

I like to find accounts in leaked databases based on the domain name associated with the leaked mail addresses. Public databases such as https://haveibeenpwned.com/ have this ability partly. Searching is only possible when th… Continue reading How to find accounts in leaked databases based on the domain name?→

Benign, Malicious Domains and Definitions

Posted on August 18, 2018 by Jishan

I am working on a research project where we segregate domains used for malicious purpose from benign domains.

However, my guide does not want the term malicious domain and benign domain in the paper. This is because, accord… Continue reading Benign, Malicious Domains and Definitions→

Security risks of exposing a VM to single IP address on the Internet

Posted on August 11, 2018 by eden881

I have a small office network with about 10 workstations and a single physical domain controller. I want to move it to the cloud. For that, I deployed a Windows VM on Azure, which I’m going to promote as an additional DC. The… Continue reading Security risks of exposing a VM to single IP address on the Internet→

Finding phishing sites to certain domain

Posted on July 24, 2018 by Youbecks003

My work currently involve finding phishing site to a certain domain/ company. I was wondering if there are some tools/ Online services that I can use to find phishing sites. I would like to know;

Searching for registered … Continue reading Finding phishing sites to certain domain→

Does LocalAccountTokenFilterPolicy registry value completely mitigate Windows pass-the-hash (PtH)?

Posted on July 16, 2018 by Shuzheng

I’ve been sitting for hours trying to get PsExec and windows/smb/psexec to work without luck, always getting the “Access is denied.” error, until I came across the following article on Windows Vista:

https://support.microsof… Continue reading Does LocalAccountTokenFilterPolicy registry value completely mitigate Windows pass-the-hash (PtH)?→

Domain transfer #FAIL – man gets 20 years for gunpoint domain hijack

Posted on June 19, 2018 by Lisa Vaas

The owner of doitforstate.com was shot in the leg before shooting his assailant in the chest. Continue reading Domain transfer #FAIL – man gets 20 years for gunpoint domain hijack→

Australia’s Commonwealth Bank leaks data of 10,000 customers over domain misspelling

Posted on June 7, 2018 by Luana Pascu

Just last month, Australia’s Commonwealth Bank admitted losing the financial history of some 20 million customers. Now, the financial institution drops the ball again, this time mistakenly sending the data of some 10,000 customers to the wrong em… Continue reading Australia’s Commonwealth Bank leaks data of 10,000 customers over domain misspelling→

Auth0 Glitch Allows Attackers to Launch Phishing Attacks

Posted on June 6, 2018 by Lindsey O'Donnell

A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors. Continue reading Auth0 Glitch Allows Attackers to Launch Phishing Attacks→