17 matches found
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements,...
sweetalert2 contains potentially undesirable behavior
sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific TLDs. This functionality is documented on the project's README...
URLs have always been a great hiding place for threat actors
Welcome to this week's edition of the Threat Source newsletter. Talos' recent blog post on the dangers posed by the newly released ".zip" top-level domain (TLD) recently outlined how threat actors could create real URLs that look like file names and trick users into clicking on their links. .Zip and...
Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it...
Information Disclosure
curl is vulnerable to information disclosure. libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies...
curl: CVE-2022-27779: cookie for trailing dot TLD
Summary: In CVE-2014-3620 curl prevents cookies from being set for Top Level Domains (TLDs). According to the advisory, curl's "cookie parser has no Public Suffix awareness", but it will "reject TLDs from being allowed". However, a cookie can still be set for a TLD + trailing dot. A trailing dot...
Typodetect - Detect The Active Mutations Of Domains
This tool gives blue teams, SOCs, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TL...
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by cURL/libcURL vulnerabilities (CVE-2014-3613, CVE-2014-3620)
Summary: Security vulnerabilities have been discovered in cURL/libcURL. Vulnerability Details: CVE-ID: CVE-2014-3613 Description: cURL/libcURL could allow a remote attacker to bypass security restrictions,...
Domain Name Consolidation - Observations from the Field
Domain Name Consolidation: The market and marketing of Web property domain names is changing. Companies prefer to promote top level domains (TLDs), have the option of selecting brand-relevant domain extensions (e.g. SaaS.com), and no longer need country-relevant domains to optimize search engine resul...
Domain Name Consolidation: Observations From the Field
The market and marketing of Web property domain names is changing. Companies prefer to promote top level domains (TLDs), have the option of selecting brand-relevant domain extensions (e.g. SaaS.com), and no longer need country-relevant domains to optimize search engine result rankings...
Bad .Men at .Work. Please Don’t .Click
Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren't a whole mess of nasty .com, .net and .biz domains out there, b...
certstreamcatcher - Catching phishing by observing certificate transparency logs
Catching phishing by observing certificate transparency logs. This tool is based on regex with effective standards for detecting phishing sites in real time using certstream. Installation $ cd /opt/ $ git clone https://github.com/6IX7ine/certstreamcatcher.git $ cd certstreamcatcher $ npm install...
Google to Enforce HSTS on TLDs it Operates
Google said this week it would enforce HSTS on 45 Top Level Domains it operates. HSTS, or HTTP Strict Transport Security, forces HTTPS on client connections to webservers and is a key part of the strategy to encrypt the web. Google is the registry for many new TLDs and said that it will start...
Brave Software: Command Execution because of extension handling
Summary: Hello, using this bug an attacker can execute commands as the current user using Brave & gain complete shell capabilities and all possibilities associated. Details: The issue is in the way the application handles website TLDs. Typically in Windows, .com represents an application, much...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: In cURL before 7.38.0, libcurl can be fooled into both sending cookies to wrong sites and allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to...
USN-2346-1: curl vulnerabilities
Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. (CVE-2014-3613) Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top...
Debian DSA-3022-1 : curl - security update
Two vulnerabilities have been discovered in cURL, a URL transfer library. They can be used to leak cookie information: - CVE-2014-3613: By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled into both sending...