Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Published on:

July 15, 2024

In a recent article from KrebsonSecurity, they detail that at least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Read the research: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

Related Content

Research

Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both?

Analysis of ZionSiphon (SCADA_SecurityPatch_v8.4.exe), a .NET OT malware targeting Israeli water utilities. Discover its IOCs, targets, and flawed activation code.

Learn More

Research

Threat Intelligence Report: The SDA / Structura / Doppelgänger, Influence Operations, Infrastructure, Reach, and Potential

How does the Doppelgänger influence campaign reach 5M+ users? Read DTI’s latest report on the SDA/Structura ecosystem, featuring a deep dive into narrative propagation, domain rotation tactics, and a 72-hour crisis influence timeline.

Learn More

Research

MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution

Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.

Learn More

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Heading