
GoDaddy Hack Spreads to 6 More Web Hosts


The hack that exposed the details of 1.2 million GoDaddy customers has spread to six more web hosts. As Search Engine Journal reports, the six additional web hosts are all resellers of GoDaddy’s WordPress hosting services and include 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple, and tsoHost.

Customers of at least two of these web hosting companies have been sent emails very similar to the one GoDaddy sent out regarding the security breach. The hack they experienced also targeted Managed WordPress accounts and managed to leak email addresses, customer numbers, WordPress Admin passwords, sFTP database usernames and passwords for active customers, and in some cases SSL private keys.

WordPress security plugin maker Wordfence confirmed the hack has spread to these web hosts and published a quote from Dan Rice, VP of Corporate Communications at GoDaddy, as to the extent of the attack:

“The GoDaddy brands that resell GoDaddy Managed WordPress are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. A small number of active and inactive Managed WordPress users at those brands were impacted by the security incident. No other brands are impacted. Those brands have already contacted their respective customers with specific detail and recommended action.”

The intrusion began on Sept. 6, giving the attacker plenty of time to take advantage of the user data and access to accounts. It’s currently unknown how that access to the data has been used. All customers affected by the breach at the web hosts listed above need to be vigilant and extra cautious with the emails they receive.

Hopefully each company has either contacted or is in the process of contacting affected customers with the measures taken to close the security hole. If you believe your account was compromised and haven’t been contacted, be proactive and contact your web host to confirm the status/health of your account.


China Hosts More Malware Than Russia: Findings from DNSFilter’s 2021 Domain Threat Report | State


WASHINGTON, Nov. 2, 2021 /PRNewswire/ — AI-driven web security company DNSFilter (www.dnsfilter.com) released its annual Domain Threat Report. The research spans March 2020 through August 2021 and found that more than the COVID pandemic affected end users’ interaction with malicious sites: it identified trends among sites related to cryptocurrency, unemployment, and more.

DNSFilter blocks threats in real-time at the DNS level, stopping access to malicious domains. The information collected in DNSFilter’s 2021 Domain Threat Report is backed by their proprietary Artificial Intelligence (AI) known as Webshrinker.

DNSFilter CEO Ken Carnesi writes the foreword of the threat report and notes, “2021 was the first time we truly took stock of this DNS data and recognized that sharing it will help others secure their IT infrastructure.” Carnesi believes “this report will assist organizations better understand the current, rapidly evolving, domain landscape and make better decisions when it comes to enabling DNS security.”

COVID-19, Cryptocurrency, and China—Findings from the report

According to the report, 11.47% of COVID-related queries during the pandemic were malicious; that’s more than 1-in-10. Although media coverage of the COVID-19 pandemic has recently waned, the opportunity for malicious domains to capitalize on COVID-related searches continues. The shape these threats have taken has changed, with unemployment scams (a result of pandemic benefits) surging in mid-2021.

Cryptomining has also had a resurgence over the last year as blockchain technology and NFTs rise in popularity. Domains using the names Ethereum, Dogecoin, and Litecoin are more likely to be cryptomining sites, while copycat domains of Bitcoin are more likely to be phishing. 18.72% of cryptomining sites actively include terms relating to “mining” or “coin.” These sites are not necessarily hiding their intentions.

Other trends noted in this year’s report shed light on the geographic location of malicious domains. One of the more interesting findings was that China is responsible for 16.69% of all malware queries on DNSFilter’s network. However, four out of five of the ccTLDs (Country-code Top-Level Domains) with…


NAU hosts industry and military partners to discuss multimillion-dollar cybersecurity project – NAU News
