Feds aim to bolster data encryption practices for .gov websites

The Trump administration is urging domain operators to include an extra layer of security on federal websites in an attempt to reduce the risk that hackers will spy on site visitors. The goal, which officials said could take “a few years” to achieve, is to get all websites with the .gov internet domain to use a standard that always encrypts a user’s connection to that site. Using that encryption by default is a way for agencies to boost security for a swath of public data being routed through internet domains they control. The security benefits of doing that “are meaningful and necessary to continue meeting the public’s expectation of safety on .gov services,” the General Services Administration, which oversees top-level domains for the U.S. government, said in a blog post published Sunday. The initiative builds on the use of HTTPS, a security protocol that internet users have come to expect from websites. HTTPS is meant to ensure that websites are legitimate, and protects […]

The post Feds aim to bolster data encryption practices for .gov websites appeared first on CyberScoop.


How hackers used malicious Chrome extensions in a mass spying campaign

A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months, researchers at California-based Awake Security said Thursday. The researchers believe the unidentified hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users in sectors such as oil and gas, finance and health care. The hackers “were very effective in reaching a large number of industries and subverting controls that were in place,” said Gary Golomb, Awake Security’s cofounder and chief scientist. U.S. government contractors were among those targeted, Golomb said. He declined to identify the victims. The discovery exposes another gap in web browser security despite pledges from Google and other vendors to proactively block malicious code from appearing in their official download stores. After being tipped off by Golomb’s team, Google removed […]

The post How hackers used malicious Chrome extensions in a mass spying campaign appeared first on CyberScoop.


A 35,000-device botnet in Peru is wounded, but still mining cryptocurrency

Cybersecurity researchers on Thursday said they had helped disrupt the infrastructure behind a botnet being powered by tens of thousands of devices in Peru. For months, the botnet — an army of compromised computers controlled by an attacker — had grown in strength by quietly infecting devices using USB drives, allowing the attackers to mine thousands of dollars in cryptocurrency. The infections reached the Peruvian public sector and financial institutions, adding urgency to the effort to defang it. Now, Slovakian anti-virus company ESET says it helped “sinkhole” — or render innocuous — about a quarter of the malicious subdomains used by the botnet. That means the infected machines will continue to mine cryptocurrency, but they won’t be able to receive more malicious instructions — such as injecting code onto devices — from whoever is controlling the botnet. (ESET said it had no indication that those code injections would happen.) It’s an example of how the fight […]

The post A 35,000-device botnet in Peru is wounded, but still mining cryptocurrency appeared first on CyberScoop.


FBI enlists internet domain registries in fight against coronavirus scams

The U.S. Department of Justice is expanding its efforts to counteract a huge surge in internet scams related to the coronavirus pandemic. Federal officials announced Wednesday that ongoing cooperation between the government and a range of technology companies has resulted in the removal of hundreds of websites that included “coronavirus,” “covid19” and related phrases in their names. The goal, the Justice Department said, is to curb fraudulent sites that prey on pandemic anxieties to distribute malware, solicit donations or steal personal data. The FBI has received and reviewed more than 3,600 complaints related to coronavirus scams, mostly in connection with fake cures and fraudulent vaccines, the Justice Department said in a press release. Bureau officials previously estimated that the Internet Crime Complaint Center receives between 3,000 and 4,000 complaints per day, up from a prior average of roughly 1,000 per day, though not all alerts are regarding the pandemic. “For cybercriminals there was […]

The post FBI enlists internet domain registries in fight against coronavirus scams appeared first on CyberScoop.


Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations

A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than 2,000 software vulnerabilities in health care institutions around the world. “The threats are coming in like a firehose; as fast as we can take things down, there are new [threats] there,” said Marc Rogers, who is an executive with cybersecurity company Okta and one of the founders of the volunteer group. Known as the Cyber Threat Intelligence (CTI) League, the group’s membership has soared from a few dozen since its founding last month to some 1,400 people in 76 countries today. Security specialists from technology giants like Microsoft are members, and the group says it has formed close connections with law enforcement agencies. Their services are in high demand as health care organizations strain to deal with COVID-19, which has killed more […]

The post Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations appeared first on CyberScoop.


Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters

Verisign has fixed an issue that could have allowed attackers to register bogus domains by using homoglyphs in place of more common characters, following research from California-based security firm Soluble. Matt Hamilton, principal security researcher at Soluble, discovered the flaw when he attempted to register an Amazon Web Services S3 bucket with Unicode emoji characters. “It was possible to register Latin homoglyph characters, specifically Unicode Latin IPA Extension homoglyphs,” he wrote in a blog released Wednesday. “I then checked if it was possible to register domains with these homoglyph characters. Ruh-roh, it was.” Hamilton called out the abuse of the following characters: the “ɡ” (Voiced Velar Stop), the “ɑ” (Latin Alpha) and the “ɩ” (Latin Iota). For years, domain providers have been aware of homoglyph attacks and have put in place restrictions to prevent their exploitation, such as barring the use of both Latin and Cyrillic characters at once. Verisign, which operates […]

The post Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters appeared first on CyberScoop.


Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence

Quick links:
https://support.virustotal.com/hc/en-us/articles/360001387057
https://developers.virustotal.com/v3.0/reference#intelligence-search
https://github.com/VirusTotal/vt-py

Ten years ago, VirusTotal launched VT Intelligence; a critical component of …

Ransomware infects popular web-hosting provider SmarterASP

A ransomware attack has hit SmarterASP.NET, a popular web-hosting provider, forcing the websites of an unspecified number of customers offline. “Your hosting account was under attack and hackers have encrypted all your data,” SmarterASP.NET, which claims over 440,000 customers, said Monday in a message on its website. “We are now working with security experts to try to decrypt your data and also to make sure this would never happen again.” For a relatively low price, SmarterASP.NET lets organizations or individuals host an unlimited number of websites per month. That makes SmarterASP.NET an attractive target for a ransomware-slinging attacker looking to hit a range of victims. The ransomware attack was an unwelcome disruption for a company that markets itself on keeping sites online. Throughout the day Monday, SmarterASP.NET posted updates to its Facebook page saying that customer accounts locked by the ransomware were gradually being decrypted and restored. Some customers thanked SmarterASP.NET for […]

The post Ransomware infects popular web-hosting provider SmarterASP appeared first on CyberScoop.


Investigating Phishing Emails and Domains Using Domain Tools Iris

Investigation Time! You may be sitting at work early in the morning, enjoying your coffee and the peace and quiet that comes along with being the first one in the office. Like most, the first thing you do is check some emails (not all of it, just some,…