watchTowr Labs investigated thousands of abandoned but live backdoors installed on various compromised sites to determine what data the original backdoor owners have stolen. They published their findings in "Backdooring Your Backdoors -- Another $20 Domain, More Governments" and, in the process, identified 34 domains as indicators of compromise (IoCs).
The market for IPv4 addresses continues to show resilience, with January 2025 figures indicating a modest uptick in pricing across several block sizes. Data from IPv4.Global by Hilco Streambank reveals that while average prices hovered in the low-to-mid $30s per address, the actual range of transactions was significantly broader, spanning from $28 to $48 per address. This highlights the persistent pricing variability driven by block size, buyer urgency, and negotiation dynamics.
Unit 42 of Palo Alto Networks recently uncovered a phishing campaign targeting European companies to harvest victims' account credentials and take over their Microsoft Azure cloud infrastructure. According to their report, the phishing attempts leveraging the HubSpot Free Form Builder service peaked in June 2024.
Using resumes to fake job applications is not a novel social engineering lure for run-of-the-mill phishing campaigns. But utilizing the same tactic to launch a targeted attack isn't that common.
The Lumma Stealer, known for using the malware-as-a-service (MaaS) model, has figured in various campaigns targeting victims in countries like Argentina, Colombia, the U.S., the Philippines, and others since 2022.
The fourth quarter of 2024 closed with 364.3 million domain name registrations across all top-level domains (TLDs), an increase of 2.0 million domain name registrations compared to the previous quarter, according to the latest issue of the Domain Name Industry Brief Quarterly Report, released Thursday at DNIB.com.
The Earth Minotaur threat group recently revived the MOONSHINE exploit kit, first discovered in 2019. According to Trend Micro's in-depth analysis, MOONSHINE had more than 55 servers in 2024 and has been updated with more exploits and functions compared with its 2019 version.
Thousands of people working for organizations in the public, academia, and defense sectors are being targeted by spear-phishing attacks operated by a threat group called "Midnight Blizzard." The messages contained a Remote Desktop Protocol (RDP) configuration file connected to the malicious actor's server.
Our research team analyzed 24.4+ million domains registered between 1 October and 31 December 2024 from the Newly Registered Domains (NRD) Data Feed.
The internet has grown organically from a cooperative lab experiment into an economic infrastructure. In the early days, configuration mistakes were an annoyance, but not much more. Today, a mistake can cost organizations money, enable security threats, and degrade reputations.