Spooky action: Phantom domains create hijackable hyperlinks

According to a recent paper published at the 2024 Web Conference, so-called “phantom domains” make it possible for malicious actors to hijack hyperlinks and exploit users’ trust in familiar websites. The research defines phantom domains as active links to dot-com domains that have never been registered. According to the paper, these domains aren’t digital outliers — the web currently contains links to more than 572,000 phantom domains.

These templates often contain placeholder links to nonsense domains that should be replaced by businesses before the website goes live. With Bob’s under a time crunch to complete their new website, one (or more) links on the homepage are entered as It’s a simple error — all that’s missing is the second “s” in the domain name.

Because the site is familiar, they don’t spend time checking every link on the page — instead, they assume the owners of the site have done their due diligence to ensure hyperlink security. Spoofed websites are a common tactic used by cyber criminals in phishing and smishing attacks, which has led many enterprises to invest time and effort in teaching staff to recognize and avoid the risk of spoofed links.

Links to phantom domains don’t pose an inherent risk — so long as companies ensure they review websites for misspelled URLs and remove any placeholder links, hijacked hyperlinks are impossible. From an education standpoint, enterprises need to communicate the inherent risk of any link on any page — not just those that appear in unsolicited emails or text messages. Free tools are available for this purpose, but there’s also an opportunity here to leverage AI to find phantom links, check if they’re now tied to active websites and assess the potential risk of those sites.
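One way a site owner could run the review for misspelled and placeholder links described above, as an added example that is not from the article or the cited paper: it lists every outbound link host on a page and flags those missing from an approved list, marking near-misses as likely typos. The hostnames, the `.example` TLD, the approved list and the distance threshold of 2 are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the hostname of every absolute http(s) link in a page."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        try:
            parts = urlsplit(href)
        except ValueError:          # malformed href, nothing to resolve
            return
        if parts.scheme in ("http", "https") and parts.hostname:
            self.hosts.append(parts.hostname.lower())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_links(html, approved_hosts):
    """Return {host: reason} for each linked host that is not approved."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for host in collector.hosts:
        if host in approved_hosts:
            continue
        near = [h for h in approved_hosts if edit_distance(host, h) <= 2]
        findings[host] = f"possible typo of {near[0]}" if near else "not on approved list"
    return findings

# Constructed sample page: one correct link, one with a dropped "s",
# one leftover template placeholder, one relative link (ignored).
SAMPLE_HTML = """
<a href="https://bobsshop.example/catalog">Catalog</a>
<a href="https://bobshop.example/contact">Contact</a>
<a href="http://lorem-placeholder.example/">Learn more</a>
<a href="/about">About</a>
"""
APPROVED = ["bobsshop.example", "cdn.bobsshop.example"]
```

The check runs offline and does not query registration status; each flagged host still needs a registration lookup to tell whether it is unregistered or already tied to an active site.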

This Cyber News was published on securityintelligence.com. Publication date: Tue, 01 Oct 2024 15:13:06 +0000

