Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
(krebsonsecurity.com)
from 0x0@programming.dev to cybersecurity@sh.itjust.works on 15 Jul 2024 16:35
https://programming.dev/post/16895435
from 0x0@programming.dev to cybersecurity@sh.itjust.works on 15 Jul 2024 16:35
https://programming.dev/post/16895435
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.
threaded - newest