Fun #SitecoreLunch today! Discussed:

📺 Old TV
🎙️ Podcasts
🤑 #GoogleUCP
🦦 #EmmetOtter
🤖 AI commerce
🖥️ #Cybersquatting
🔎 #AEO & #GEO tips
♾️ AI prompt generator
🛍️ #SitecoreOrderCloud
🌍 #SUGCONEU in London
🏰 #BuckinghamPalace tour
🏃‍ AI-generated sprint planning

See you same time next week! 🥪🥗

The milords of Delhi HC present, yet another banger!: Mandatory #eKYC of #DomainNameRegistrations in #India!

https://www.medianama.com/2025/12/223-delhi-high-court-e-kyc-verification-website-domain-name-registrations/

Excuse this time: #Cybersquatting, #Typosquatting!

Salient details:
- MANDATORY for DNRs in India
- Registrars MUST collect and retain personal ID, IP & activity logs SECURELY!
- DISABLE default WHOIS PROTECTION!
- Details to be supplied within 72hrs of order by enforcement agencies (no warrant?)
- No more complimentary emails!

[1/4]

@internetfreedom

Delhi HC Mandates e-KYC For Online Domain Name Registrations

Delhi HC has ordered e-KYC verification for all online domain name registrations in India. The case stems from a civil suit that Dabur filed.

MEDIANAMA

Back in April 2020, Elise Thomas fell into a rabbit hole with Danish Satanist Biohackers and she wrote this excellent thread on X https://threadreaderapp.com/thread/1253318042001367040.html, detailing her descent. The update I'm writing below tells you some of what has happened since then.

In October 2021 journalist https://bsky.app/profile/frederikkulager.bsky.social wrote an article in Danish about this user, detailing his connection to the Bill Gates Microchip conspiracy theory, and how he had tried to bamboozle https://bsky.app/profile/luciengreaves.bsky.social (article: https://www.zetland.dk/historie/segJ4JyJ-aOZj67pz-9950e). Shortly after publishing, the user changed his name, and made the BEZH IG and X accounts protected. But he wasn't done yet.

He doubled down on another project: https://twitter.com/@.terror_alarm. According to himself it's the "World's First Strategist Agentic AI". There's a website, an X account, a bsky account, a Telegram channel, and a Facebook page. The Facebook page is interesting, because when that page was created, it was called "ISIS Alarm" (https://files.catbox.moe/dt4226.png). And look, the Terror Alarm X account used to be called isisalarm_com (https://files.catbox.moe/rmqweh.png).

For additional proof, consider the Google Play Store entry for the app with package ID com.isis.alarm (https://files.catbox.moe/nh00ta.png), promoted by various accounts on Twitter, including Terror Alarm, from back when it was called isisalarm_com: https://files.catbox.moe/khz5e3.png. That app was published by BEZH, the Danish BiChip company.

So BEZH is now behind @.terror_alarm, a pro-Israeli account that also dabbles in drones, and other more or less dubious and non-existing ventures. Jared Kushner and Joe Rogan follow the account: https://files.catbox.moe/csbdby.png

The owner seemingly likes to repurpose old Twitter accounts with new handles, and new exciting ventures. Which other ones might this person be repurposing? We know enjavi_com used to belong to him. An old Wayback Machine entry shows a link to a Periscope channel (https://files.catbox.moe/0qu2d0.png). Opening that link today takes you to the Periscope channel of @.katbunos (https://files.catbox.moe/gfqu4t.png).

So the account formerly known as enjavi_com and armyofthechrist, was renamed again, and is now called @.katbunos, cybersquatting on @.katbuno, a gamestreamer with 11m subscribers on YT.

#misinformation #cybersquatting #TerrorAlarm #SallyEnjavi #SimonSallyenjavi #BEZH #isisalarm #bichip #bichipcoin

Thread by @elisethoma5: When I decided to go down the rabbit hole of digging into one of the websites spreading the supposedly hacked WHO/Gates Foundation/Wuhan lab data, I'm not sure where I thought it would go, but Danish Satanist biohackers was not it. You guys…

HACKLOG 2x14 - Web Domain Attacks and Domain Hijacking (Cyber/Typosquatting, Enumeration)

https://peertube.uno/w/iKvZc2jxebfcw87bwk8Kr2

🤨 They’re wanting $14,000 for this

Porkbun Marketplace: The domain microsoft.zip is for sale.
#Cybersquatting #DomainSquatting
https://microsoft.zip/

"#Slopsquatting is a type of #cybersquatting. It is the practice of registering a non-existent software package name that a large language model (#LLM) may hallucinate in its output, whereby someone unknowingly may copy-paste and install the #software package without realizing it is #fake."

https://en.wikipedia.org/wiki/Slopsquatting

Slopsquatting - Wikipedia

A wild ZWSP appears!

In case you’re not fluent in Unicode and percent-encoding: %E2%80%8B is a zero-width-space, an invisible character which helps set line-breaks correctly.

It seems that broken links with ZWSPs or unicode control characters like the left-to-right mark are a widespread problem, opening a door to cybersquatting.

Or may I suggest the name ‘typography squatting’?

#Signal #SignalApp #Android #Google #PlayStore #GrapheneOS #GitHub #TypoSquatting #CyberSquatting #TypographySquatting #InfoSec #Security #CyberSecurity

Zero-width space - Wikipedia
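
A link checker for the case described in the post above, as an added example that is not part of the original post: it percent-decodes a URL and reports invisible format or control characters such as the zero-width space (%E2%80%8B) or the left-to-right mark. The function names and the example.org sample links are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote

# Unicode general categories that render as nothing: Cf = format characters
# (ZWSP U+200B, LRM U+200E, BOM U+FEFF, ...), Cc = C0/C1 control characters.
INVISIBLE_CATEGORIES = {"Cf", "Cc"}


def find_invisible(url):
    """Return (index, codepoint, name) for each invisible character in the
    percent-decoded URL. Decoding first catches both a raw ZWSP pasted into
    a link and its encoded form %E2%80%8B."""
    decoded = unquote(url, encoding="utf-8", errors="replace")
    hits = []
    for i, ch in enumerate(decoded):
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES:
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits


def clean_url(url):
    """Return the decoded URL with invisible characters removed, so the link
    the author meant can be compared with the one that was published."""
    decoded = unquote(url, encoding="utf-8", errors="replace")
    return "".join(
        c for c in decoded if unicodedata.category(c) not in INVISIBLE_CATEGORIES
    )


# Constructed sample links (example.org is a placeholder, not from the post).
SAMPLES = [
    "https://example.org/download",           # clean
    "https://example.org/download%E2%80%8B",  # encoded zero-width space
    "https://example.org/\u200edownload",     # raw left-to-right mark
]

if __name__ == "__main__":
    for s in SAMPLES:
        hits = find_invisible(s)
        print("SUSPECT" if hits else "ok     ", repr(s), hits)
```

Running a check like this over outbound links before publishing, or over links in a README or store listing, flags the broken variants before anyone can register or host the resulting address.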

🚨 Fake Booking.com phishing pages used to deliver malware and steal data
⚠️ Attackers use #cybersquatting, mimicking Booking website to create legitimate-looking phishing pages that trick users into executing malicious actions.
Leveraging #ANYRUN's interactivity, security professionals can follow the entire infection chain and gather #IOCs.

👨‍💻 Case 1: The user is instructed to open the Run tool by pressing Win + R, then Ctrl + V to paste the script, and hit Enter. This sequence of actions executes a #malicious script that downloads and runs malware, in this case, #XWorm.
Take a look at the analysis: https://app.any.run/tasks/61fd06c8-2332-450d-b44b-091fe5094335/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice

🔍 TI Lookup request to find domains, IPs, and analysis sessions related to this campaign:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522mktoresp.com%255C%2522%2520AND%2520domainName:%255C%2522booking.*.%255C%2522%2522,%2522dateRange%2522:30%7D%20%20

🎯 Use this search query to find more examples of this fake #CAPTCHA technique and enhance your organization's security response:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522commandLine:%5C%2522

👨‍💻 Case 2: In this scenario, threat actors aim to steal victims’ banking information. It’s a typical phishing site that mimics Booking website and, after a few steps, prompts users to enter their card details to ‘verify’ their stay.
See example: https://app.any.run/tasks/87c49110-90ff-4833-8f65-af87e49fcc8d/?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_term=060325&utm_content=linktoservice

📌 A key domain in this campaign, iili[.]io, was also used by #Tycoon2FA #phishkit.
🔍 Use this TI Lookup query to find more examples:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=fake_booking&utm_content=linktoti&utm_term=060325#%7B%2522query%2522:%2522domainName:%255C%2522bzib.nelreports.net%255C%2522%2520AND%2520domainName:%255C%2522xpaywalletcdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522cdnjs.cloudflare.com%255C%2522%2520AND%2520domainName:%255C%2522xpaycdn.azureedge.net%255C%2522%2520AND%2520domainName:%255C%2522iili.io%255C%2522%2522,%2522dateRange%2522:180%7D%20

Investigate the latest #malware and #phishing attacks with #ANYRUN 🚀

#cybersecurity #infosec

Analysis guestitems-request.com Malicious activity - Interactive analysis ANY.RUN

Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

Mashable: Bluesky cybersquatting problem addressed in latest update. “A new Bluesky update aims to tamp down on the cybersquatting and fake account problem that has plagued the app. In an update rolled out on Thursday evening, users who have verified their account by using a domain name automatically reserve their default username to prevent impersonators from taking it.”

https://rbfirehose.com/2024/12/23/mashable-bluesky-cybersquatting-problem-addressed-in-latest-update/

Interesting story from @tedium about an extortion scheme targeting prominent personalities on Bluesky who don't own their own domain.

"Cybersquatting is not a new issue, of course, but Bluesky’s decision to tie verification to domains as social proof shows the limitations of the strategy."

https://tedium.co/2024/12/17/bluesky-impersonation-risks/

I wonder how this would play out in the fediverse.

#bluesky #fediverse #domains #verification #cybersquatting

So, Bluesky Has An Extortion Problem

An apparent extortion scheme lit up Bluesky the other night. It raises some important questions about whether Bluesky is up to the task of moderation.

Tedium: The Dull Side of the Internet.