this post was submitted on 27 Feb 2024
70 points (100.0% liked)

Technology

58303 readers
19 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Researchers at Guardio Labs discovered a vast campaign hijacking thousands of subdomains belonging to well-known brands (MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay, etc.).

The attackers use these compromised subdomains to send millions of spammy and malicious emails daily, bypassing security measures by leveraging the trust associated with the hijacked brands.

Here's how it works:

  • Attackers hijack subdomains of established brands through various methods like complex DNS manipulation and exploiting abandoned domains.
  • They manipulate the hijacked subdomains' SPF records to make emails appear as if they originated from the legitimate brands.
  • These emails often contain deceptive content like fake cloud storage warnings, phishing attempts, or misleading advertisements.

The campaign is alarming for several reasons:

  • The scale: Over 8,000 domains have been compromised, and the number is growing.
  • The potential harm: Millions of spam and malicious emails are being sent daily.
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 8 months ago

Nobody will risk taking anything down

Anyone who hasn't worked in enterprise simply doesn't understand this aversion to risk. Above all else, don't break something.

Too many techies think "well, then we'll fix it". Umm, no.