Security Boulevard

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain ...
Security Boulevard

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.
Tech.co

Redirect is Making Domain Parking More Profitable

Whether you have one parked domain or thousands, it is better to enable these URLs to bounce to another site than to let them sit empty. After all, if you can turn these domains into a landing page or ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
ZDNet

Suit filed over VeriSign domain redirect

VeriSign is facing a new class-action lawsuit over its controversial "Site Finder" service, which redirects all misspelled or unassigned .com domain names to a search page managed by the domain name ...
Ars Technica

ICANN to prohibit nonexistent-domain redirect for new TLDs

Earlier this week, the Internet Corporation for Assigned Names and Numbers (ICANN) published a draft of an “explanatory memorandum” for a proposed clause that prohibits the managers of new generic top ...