
(Adobe Stock)
Several decentralized finance platforms, including Compound Finance, Celer Network, and Pendle, had domains registered with Squarespace impacted by DNS hijacking attacks on Thursday, BleepingComputer reports.
Both Celer and Pendle reported the recovery of their domains, with the latter emphasizing that no cryptocurrency assets had been compromised as a result of the intrusion. “…[A]ttackers exploited a vulnerability in Squarespace, hijacking domains hosted on their platform. Security experts are still working out the exact mechanism for the hijacking attacks, but many domains (including Pendle’s) that were migrated from Google to Squarespace have been affected,” said Pendle in a post on X, formerly Twitter. Additional details regarding the domain takeover process remain unclear but the compromise has been associated by cryptocurrency security researchers Andrew Mohawk, Taylor Monahan, and Samczsun with the multi-factor authentication deactivation during domain migration. Automated domain-linked account creation and reseller access may have also been exploited by threat actors to facilitate domain hijacking, researchers said.
Laura French
Attackers could remotely reset the router password and inject commands through the reset password page.
Steve Zurier
Flaw considered serious since Moxa customers include leading industrial manufacturers and telecoms.
SC Staff
The compromise commences with the delivery of a CLDAP referral response packet to disrupt the Local Security Authority Subsystem Service before the subsequent sending of a DCE/RPC request to the targeted machine and the eventual designation of the victim’s machine as an LDAP client that requests for CLDAP from the attacker’s machine.
On-Demand Event
On-Demand Event
On-Demand Event
By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.
Related Terms
You can skip this ad in 5 seconds
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms of Use.

More Stories
NDSS Symposium 2027 Heads to Seoul: Expanding Global Collaboration in Cybersecurity Research
Solving Crime Without Breaking Encryption
Community Snapshot—May