Cyber Pulse: Edition 104

Microsoft subdomains could be hijacked and abused for phishing and malware distribution

A security research firm found that over 600 legitimate Microsoft subdomains could be hijacked and abused for phishing, malware delivery and scams. Researchers revealed that Microsoft’s DNS records for a subdomain point to a domain which no longer exists. This means anyone can use this opportunity to create a non-existent domain and hijack the subdomain with misconfigured DNS records.

Security researchers have created an automated web scanner and scanned all the subdomains of important Microsoft domains. The scan results revealed over 670 subdomains that could be hijacked using the above technique. An attacker can potentially direct the visitors of the hijacked subdomain to a phishing website. To understand how the attack works, researchers at Vullnerability have published a blog post describing their findings. To mitigate such threats, researchers suggest exercising caution while working through links or files from untrusted sources and email addresses.

Zero-day vulnerability in Verisign and other SaaS services

Adversaries are abusing a zero-day vulnerability in Verisign and other Software as a Service (SaaS) services – including Google and Amazon – to register generic top-level domains and subdomains that look similar to legitimate sites. The intention behind this is to launch phishing attacks against organisations.

Matt Hamilton, a principal security researcher at Soluble, highlighted that an attacker could register a domain or subdomain that appears visually identical to its legitimate counterpart, and perform social-engineering or insider attacks against an organisation. Verisign, which holds authoritative registry for .com, .net, .edu, and several other generic top-level domains, has now fixed the flaw by restricting the registration of domains using these homoglyph characters. Soluble has reported the vulnerability to the vendors of SaaS services. A patch for the vulnerability is yet to be released by the vendors. 

Cathay Pacific fined by ICO for 2018 breach incident​

Cathay Pacific has been fined over £500,000 by the Information Commissioner’s Office (ICO) for a 2018 security breach that exposed the data of around 9.4 million customers, 111,578 of whom were UK residents, globally. ICO of the UK, which imposed the penalty, stated Cathay Pacific failed to protect customers' personal data.

The investigating team came across a plethora of errors that led to the security breach. This included unprotected back-up files, unpatched Internet-facing servers, outdated operation systems and poor antivirus protection policies. TechCrunch reports that the airline stated it is committed to improving its security “in the areas of data governance, network security and access control, education and employee awareness, and incident response agility.”

NCSC provides guidelines for securing smart-home cameras

The National Cyber Security Centre (NCSC) of the UK has released a new guidance paper that presents three simple steps to boast cybersecurity and make it more difficult for adversaries to compromise smart camera devices. These include changing all default passwords, updating software regularly and disabling remote view. Security cameras now come in various forms, including baby monitors and motion-detection cameras. Consequently, it is important for consumers to take the right steps for the overall security and safety of the devices to avoid being watched by threat actors over the internet.

Edited and compiled by cyber security specialist James Aguilan.

Subscribe to our weekly Cyber Pulse newsletter below.

Click here to find out about QA's extensive cyber security courses