Don’t Let Your Domain Name Become a “Sitting Duck”

August 1, 2024Source: KrebsOnSecurity

Found this useful? Share it with your network

New research reveals that over a million domain names, including those registered by major Fortune 100 firms, are susceptible to being hijacked due to weak authentication methods employed by various web hosting providers and domain registrars. The issue stems from "lame" DNS records, which happen when a domain's authoritative name server lacks sufficient information to resolve queries. This vulnerability allows cybercriminals to assume control of these domains without accessing the legitimate owner’s account, a method previously exploited in high-profile cases to send bomb threats and phishing emails. The research, conducted by Infoblox and Eclypsium, notes that this has been an ongoing issue, with numerous DNS providers still failing to implement adequate domain ownership verification. The hijacked domains, termed "Sitting Ducks," are often used for malicious activities, including phishing and malware distribution. Despite some improvements and ongoing efforts by a few providers, more cooperation among all stakeholders and better regulatory measures are necessary to mitigate these risks.

Read Full Article

Opens on KrebsOnSecurity

More News

AMA Asking For Stronger Safeguards on AI Mental Health Chatbots

April 29, 2026MobiHealthNews

Andrea Daugherty Appointed Chief Information and Digital Transformation Officer at ARMC

April 24, 2026arrowheadregional.org

Craig Richardville Appointed Chief Digital and Information Officer at UF Health

April 13, 2026ufhealth.org

Former AMA Exec Margaret Lozovatsky Named CDIO At Premier Health

April 10, 2026premierhealth.com

Signature Healthcare Diverts Ambulances Following Cybersecurity Incident

April 8, 2026SecurityWeek

More Than 100 Hospitals Suing HHS Over Alleged Underpayment

April 6, 2026MedCity News