Eblogtip.com
  • Categories
    • News
    • Technology
    • Domains
    • Hosting
    • Promotions

Archives

  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • December 2022

Categories

  • News
  • Technology
  • Uncategorized
eBlogTip
  • Categories
    • News
    • Technology
    • Domains
    • Hosting
    • Promotions
  • News

Want a new Google zip domain? It could be a serious security risk

  • May 17, 2023
Total
0
Shares
0
0
0


Google recently unveiled (opens in new tab) eight new top-level domains (TLDs) designed to inspire fathers (.dad), graduates (.prof, .phd, and .esq), and tech enthusiasts (.foo, .zip, .mov, and .nexus), but at least two of those present a significant cybersecurity risk, experts have warned.

The TLDs in question – .zip and .mov – share their name with common file formats (ZIP archives and video files) that exist outside of the Internet’s four walls, which many cybersecurity experts are calling out for being misleading.

While other similarly vulnerable TLDs have been rolled out in the past, such as .docs, the introduction of two more increase the chances of a scam or phishing attack, giving threat actors more routes.

.zip and .mov TLD risk

A legitimate website with any TLD, including ‘dangerous’ examples like .zip, could include a help section describing the process required to open a zipped file, for example. Should that file be named – in our case, example.zip – a user’s browser may then automatically add a hyperlink because it knows that .zip is a legitimate TLD, even though in our case the page refers to a local file and not a website.

While the file itself is safe, a threat actor could have already registered a website under that domain in the hope that unsuspecting users click on hyperlinks that lead them to a malicious page that could be the host to malware, phishing attacks, or other scams.

Already, a series of concerning domains have been registered under the new and risky TLDs in the hope that someone, somewhere, has referred to the file name on a web page, which will then be converted to a hyperlink to their malicious site.

While there are some steps that a user can take to be more savvy when it comes to following potentially risky links, some of the responsibility must ultimately fall with Google. The company did not immediately respond to TechRadar Pro’s request for comment.


Source link

Total
0
Shares
Share 0
Tweet 0
Pin it 0
Previous Article
  • News

Windows 11 security bug fix debacle is seriously embarrassing for Microsoft

  • May 17, 2023
View Post
Next Article
  • News

Apple says it blocked nearly two million malicious or insecure iOS apps last year

  • May 17, 2023
View Post
You May Also Like
View Post
  • News

Sliced and diced – thousands of Pizza Hut customers hacked and password stolen

  • September 23, 2023
View Post
  • News

Quordle today – hints and answers for Saturday, September 23 (game #607)

  • September 22, 2023
View Post
  • News

Apple HomePod finally gets hands-free Spotify thanks to this iOS 17 workaround

  • September 22, 2023
View Post
  • News

Switching to an iPhone 15 from an older iPhone? Do this first and thank us later

  • September 22, 2023
View Post
  • News

This malicious fake YouTube app could hijack your phone and record all your secrets

  • September 22, 2023
View Post
  • News

Google’s iPager ad again blames Apple for green bubbles and other messaging woes

  • September 22, 2023
View Post
  • News

Android 14 beta gives Pixel phones a taste of Apple’s handy webcam feature

  • September 22, 2023
View Post
  • News

Unity is making some changes to its controversial Runtime Fee, thanks community for its “hard feedback”

  • September 22, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

eBlogTip.com
  • Categories

Input your search keywords and press Enter.