fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Perl.com Domain Stolen, Now Using IP Address Tied To Malware

Perl.com Domain Stolen, Now Using IP Address Tied To Malware

The domain name perl.comwas stolen this week and is now points to an IP address associated with malware campaigns.

Perl.com is a site owned by The Perl Foundation and has been used since 1997 to post news and articles about the Perl programming language.

On January 27th, the Perl NOC site posted that the perl.com domain was hijacked and is now pointing users to a different IP address.

“The perl.com domain was hijacked this morning, and is currently pointing to a parking site.  Work is ongoing to attempt to recover it,” the Perl.org post reads.

The perl.com site was originally hosted at the IP address 151.101.2.132, but since being hijacked, it is now hosted at the Google Cloud IP address 35.186.238[.]101.

When visiting the site, users are greeted with a blank page. The HTML for the page contains Godaddy parked domain scripts even though the domain is registered with the registrar key-systems(.)net.

brian d foy, a Perl programming language author, tweeted that they have temporarily setup perl.com at http://perldotcom.perl.org for users who wish to access the site until the domain is recovered.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Until the domain hijacking is resolved, The Perl Foundation is recommending that users do not use perl.com as a CPAN mirror and to update it using the following command:

# perl -MCPAN -eshell
cpan shell -- CPAN exploration and modules installation (v2.20)
Enter 'h' for help.

cpan[1]> o conf urllist http://www.cpan.org/
Please use 'o conf commit' to make the config permanent!
cpan[2]> o conf commit
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'

At this time, it is not known how the domain was stolen. BleepingComputer has sent an email to The Perl Foundation with questions about this but has not received an answer.

New perl.com IP address tied to malware

The IP address that perl.com is now hosted has a long history of being used in older malware campaigns and more recent ones.

In 2019, the IP address 35.186.238[.]101 was tied to a domain distributing a malware executable [VirusTotal] for the now-defunct Locky ransomware.

More recently, a malware [VirusTotal] that appears to be an ad clicker is using the following domains as command and control (C2) servers.

www.supernetforme[.]com
www.superwebbysearch[.]com

These domain names both resolve to 35.186.238[.]101, as shown below.

Command and control servers hosted at 35.186.238[.]101
Command and control servers hosted at 35.186.238[.]101

When the malware attempts to connect to the URLs at these domains, they are now receicing the same parked domain scripts currently being used when visiting perl.com.

These HTML responses, rather than instructions from a C2, may indicate that the IP address is under the control of a different threat actor.

Also Read: Limiting Location Data Exposure: 8 Best Practices

For now, it is strongly advised not to visit perl.com until the domain is back in the hands of The Perl Foundation, as attackers could very easily switch it to a site for more malicious purposes.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us