To a phisher, one tiny hyphen can make a big mark.

SANS Technology Institute Dean of Research Johannes Ullrich alerted users to a “clever” phishing tactic that uses a URL containing a “com-” domain prefix. With that tiny, easy-to-miss hyphen, threat actors can disguise a malicious destination.

Ullrich noted on the SANS site that the phishing tactic was placed into fraudulent messages alerting a user of unpaid tolls. (The FBI warned the public of toll trolls in April 2024, when there were over 2,000 complaints of attacks using fake text messages.)

How the “.com-” tactic works. A legitimate site involving Florida’s toll system (SunPass) would involve a forward slash and look something like: “sunpass.com/tolls.”

In instances discovered by Ullrich and shared on the SANS site, the phisher registers for and receives a domain that begins with “com-,” followed by seemingly random letters, then ending with a top-level domain, like .info, .top, .xyz, and even .com.

To a reader, the phishy URL appears as something like: “sunpass.com-[random letters].top”—a tricky difference to notice when you’re quickly looking on a tiny phone screen and it appears that you owe toll money.

Read the rest here.—BH

So insecure, much danger.

Elon Musk’s government reform efforts may be having a deleterious effect on national security as the billionaire’s Department of Government Efficiency is leading to anger among federal rank and file and opening systems up to attack.

For Musk’s White House-appointed organization, known by its acronym DOGE, the federal government offers a rich and juicy target for the kind of slash-and-burn tactics that Silicon Valley is known for. Musk, whose purchase of Twitter in 2022 was followed by massive job cuts and exhortations to remaining staff to be “hardcore,” appears to be taking a similar tack across the US government.

Crisis management. Rex Booth, SailPoint CISO, told IT Brew that the public should view DOGE carefully, but rationally. A former White House advisor who helped develop the Office of the National Cyber Director, Booth is no stranger to the ups and downs of the federal government.

“There are things to be concerned about, and there are things that are less dire than they may appear to be,” Booth said. “If everything’s a crisis, nothing’s a crisis.”

Read more here.—EH

The Internet Infrastructure Coalition (i2Coalition), an organization known for uniting the unsung heroes that support the backbone of the internet, is circling in on its advocacy for one specific part of the industry it thinks needs a little more TLC: the hosting industry.

Earlier this month, i2Coalition debuted its Secure Hosting Alliance (SHA), an initiative that is on the hunt to create a more “ethical” web-hosting industry. David Snead, director of the newly formed alliance and co-founder of i2Coalition, told IT Brew that the impetus for the formation of the group came after the coalition observed a direct need to address abuse and trust issues specific to the hosting industry.

“The hosting industry is a bit different than a lot of other internet infrastructure participants because there are so many different players and the range of participants is so great that…it’s kind of a good opportunity to have a group that focuses on particular issues,” Snead said.

On the agenda. The SHA currently comprises 23 founding members, including Cloudflare, DreamHost, and GoDaddy. Together, the members will work to address abuse—which Snead defines as “actionable criminal activity” such as fraud—on their platforms and create proper “mechanisms” for entities to report suspected misconduct.

Keep reading here.—BM