Google’s New Top-Level Domains | Microsoft Threat Intelligence Report | PyPI and KeePass Alerts


May 2023

by cybergrx

In this episode of GRXcerpts: 

  • Google’s top-level domains open doors to new attack vectors
  • Warnings from Microsoft’s Threat Intelligence Report
  • And alerts for PyPI and KeePass users


New Google Top-Level Domains

Google Registry has recently introduced eight new top-level domains (TLDs) to add excitement, self-expression, and creativity to your web experience, and, more likely, stress for cybersecurity teams, too. Examples of the new top-level domains include .dad; domains that reflect your credentials, like .prof or .phd; techie domains, such as .foo; plus some troublesome additions, including .zip and .mov. The .zip and .mov domains in particular are prompting concern in the cybersecurity community about internet security and new attack vectors, specifically sly phishing campaigns, malware installations, or other malicious activities. Because the new domains are already approved and available for use, internet services and mobile apps will be forced to treat text snippets such as “test.zip” and “test.mov” like proper URLs and open them in a web browser. Reportedly, cybercriminals have already started to exploit the new top-level domains, creating a now-defunct phishing page at microsoft-office.zip designed to steal Microsoft credentials. It just goes to show that what Google created to add expression to your web experience has made for a more insecure experience instead.

Microsoft Threat Intelligence Report Warnings

Microsoft is warning businesses about new tactics scammers are using to up their phishing game. 

According to Microsoft’s new threat intelligence report, business email compromise attacks are rising. Microsoft’s Threat Intelligence Digital Crimes Unit detected 35 million business email compromise attempts between April 2022 and April 2023, which amounts to an average of 156,000 attacks per day. The most common type of phishing email is a lure or an attempt to get the recipient to perform a simple task, accounting for 62% of business phishing emails.

And hackers are getting more sophisticated in their tactics, too. Specifically, hackers are now purchasing residential IP addresses close to the businesses they’re targeting to avoid Impossible Travel flags. Impossible Travel flags identify potentially suspicious activity, such as when a user connects from two different geographical locations at two different times and the trip between them couldn’t have been made in the time elapsed through normal air travel. However, hackers can get around that flag by using a localized IP address.

PyPI User Alert

PyPI, the default software registry for Python developers, has temporarily suspended new users from signing up and new projects from being uploaded to the platform. The unexpected shutdown comes from an influx of malicious users and packages, which has outpaced PyPI’s ability to respond. Per company authorities, the freeze prevents threat actors from potentially using the PyPI platform to distribute malware and is a proactive move until a more permanent solution can be found. PyPI experienced problems earlier this year with malicious code in some of its packages, including the Color-Blind malware and info-stealer trojans. PyPI says the temporary pause is unlikely to prevent existing maintainers of Python packages available on the registry from publishing newer versions of their artifacts.

KeePass User Alert

For those using the open-source password manager KeePass, a new vulnerability was discovered that allows attackers to extract the master password directly from the software’s memory. Vulcan Cyber researchers said the vulnerability presents an exploitable loophole that compromises the primary key to unlock the user’s password database. KeePass plans to issue a patch by early June.

All information is current as of May 22, 2023.
