/ Industry Updates

Managing Expanding Attack Surfaces for Growing Businesses

While 20% of businesses may not survive past their first year, those that manage steady growth face new challenges over time. Among them is external attack surface expansion, one of the most critical security aspects for growing businesses.

Subdomain Hijacking in the News Again - What is It?

In recent news, more than 13,000 subdomains of brands were hijacked for a large spam campaign that "leverages the trust associated with these domains to circulate spam and malicious phishing emails by the millions each day, cunningly using their credibility and stolen resources to slip past security measures."

Looking for More Signs of Nitrogen in the DNS

Malwarebytes Labs recently published a report on the latest Nitrogen malware campaign that has been targeting system administrators using fake ads in the guise of Google sponsored search results. According to the security analysts, the victims are currently limited to North America.

Thoughts on RDRS for Brand Owners

This month, Stephanie Driver, CSC's marketing manager, spoke with Patrick Hauss, head of Corporate Development and Strategic Alliances EMEA, about the Internet Corporation for Assigned Names and Numbers (ICANN) Registration Data Request Service (RDRS) as part of an ongoing a series of interviews with CSC's Digital Brand services business experts, where we talk about industry issues across cybersecurity, domains, brand protection, and fraud protection.

Unraveling the World of Security Data Aggregation

More than 30.6 billion records have been exposed in 2024 so far based on 8,839 publicly disclosed incidents. Intensifying cybersecurity efforts has thus become more critical than ever for organizations the world over.

A DNS Investigation of the Typhoon 2FA Phishing Kit

Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) available in cybercriminal forums dubbed "Typhoon 2FA" has the ability to compromise Microsoft 365 and Google accounts even if users have two-factor authentication (2FA) enabled.

Radix Releases H2 2023 Premium Domains Report, Reaches $4.8M in Total Premium Domain Name Retail Revenue

Radix, a leading top-level domain registry, recently released its Premium Domains Performance Report for the second half of 2023, highlighting significant growth and robust sales across its domain portfolio.

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

The 2024 U.S. tax season is well underway, and as usual, scams of all kinds targeting taxpayers and causing the Internal Revenue Service (IRS) problems have cropped up. One such ongoing malicious campaign has explicitly been trailing its sights on small business owners and the self-employed.

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

Glupteba, an advanced piece of malware, has been used in several cybercriminal attacks for more than a decade now. But Palo Alto's Unit 42 only brought to light one of the features that made it so effective - its Unified Extensible Firmware Interface (UEFI) bootkit component, which allowed it to intervene and control the operating system (OS) boot process and be extremely difficult to detect and remove, last November 2023.

Hunting for TimbreStealer Malware Artifacts in the DNS

A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.