".zip" top-level domains draw potential for information leaks

• Google’s recent offering of the “.zip” top-level domain (TLD) has led security researchers and likely threat actors to register numerous domains for red teaming and phishing attacks, respectively, causing new challenges for organizations and cybersecurity professionals.


• As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server.


• Leaked …

applications attacks challenges cybersecurity cybersecurity professionals domain domains files google information leaks led may organizations phishing phishing attacks professionals red teaming register researchers result security security researchers threat threat actors tld urls zip