DNS

Attack Surface Analysis of 3 Social Media Giants

Cybercrime is first and foremost financially motivated. Cybercriminals look for lucrative targets, including social media networks with hundreds of millions of monthly active users. We put this perspective to the test by analyzing the domain attack surface of three of today's largest social media platforms.

Third-Party Vendor Risk Management: A Look into Top Couriers’ Digital Footprint

Just as no man is an island, no company can perform core functions without other organizations' help. This fact is highlighted in today's age of outsourcing, partnership, and third-party connections. Unfortunately, threat actors have also found a massive opportunity in these relationships.

Enriching IP Blacklists Using a Reverse IP/DNS Database

Every organization faces two kinds of cyber threats daily - "known" and "unknown" ones. Known threats are those that security experts have discovered, often published in blogs and major news outfits with accompanying indicators of compromise (IoCs). Unknown threats, meanwhile, are those that remain hidden to victims and researchers. IoCs for these have yet to be identified and disclosed.

CSC’s Research on Election-Related Domains Aligns with Recent FBI and CISA Warning

Following a public announcement from the FBI and CISA warning the public to avoid spoofed election-related internet domains, CSC announced research findings that show the overwhelming majority of registered typo domains related to the election are vulnerable.

Beefing Up Third-Party Risk Management with Reverse DNS Search

Most businesses rely on third-party entities to outsource certain functions, save on costs, and strengthen their cybersecurity capabilities. While working with external providers makes perfect business sense, it also poses cyber risks.

Gathering Context Around Emotet, Trickbot, and Dridex C&C Servers with Bulk IP Geolocation

Dridex, Trickbot, and Emotet are banking Trojans that have enabled cybercrime groups to steal hundreds of millions of dollars from their victims. These malware have evolved over the years, and just recently, Emotet was seen using stolen attachments to make their spam emails more credible.

Augmenting Digital Risk Protection with Threat Intelligence Sources

The world continues to produce and consume digital content at an increasingly fast pace across channels - making risk exposure continuously greater in the process. To tackle this problem, digital risk protection allows organizations to address digital risk factors and monitor and reduce their attack surface.

Threat Intelligence Feeds in the Fight against Insurance-Themed Cyber Attacks

Threat actors are seasoned posers. They often pose as bank employees, police officers, or court officials. A coronavirus-themed campaign even had them posing as the Director-General of the World Health Organization (WHO). Insurance companies are also increasingly targeted, which can be attributed to the ongoing global health crisis.

The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations

David Conrad, CTO of The Internet Corporation for Assigned Names and Numbers (ICANN), recently presented a keynote during a webinar we collaborated on with other internet organizations. This post summarises his explanation of the domain name system (DNS) ecosystem, its vulnerabilities, and threat mitigations.

100K+ List of Disposable Email Domains Under Security Analysis

Disposable email addresses are quite widespread and for different reasons. Some people believe that using throwaway or temporary email addresses helps them protect their privacy. Others, however, use these in more questionable endeavors - hence the relevance of monitoring disposable email domains.