Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Published on:

July 15, 2024

On This Page

In a recent article from KrebsonSecurity, they detail that at least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Read the research: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

Related Content

Research

THE KNOWNSEC LEAK: Yet Another Leak of China’s Contractor-Driven Cyber-Espionage Ecosystem

Leaked Knownsec documents reveal China’s cyberespionage ecosystem. Analyze TargetDB, GhostX, and 404 Lab’s role in global reconnaissance and critical infrastructure targeting.

Learn More

Research

The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-payments, and administrative ledgers sustain Iranian cyber operations and link them to Moses Staff.

Learn More

Research

Chinese Malware Delivery Domains Part IV

Chinese Malware Delivery Domains Part IV uncovers 1,900+ new sites targeting Chinese-speaking users. Get a deep dive into infrastructure, TTPs, and AI-powered threat analysis.

Learn More

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Heading