SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firewall CT Policy; Veeam and Netgear patches Phishing via com- prefix domains Every day, attackers are registering a few hunder domain names starting with com-. These are used in phishing e-mails, like for example "toll fee scams", to create more convincing phishing links. https://isc.sans.edu/diary/Phishing%20via%20%22com-%22%20prefix%20domains/31654 Microsoft Windows 10 Extended Security Updates Microsoft released pricing and additional details for the Windows 10 extended security updates. For the first year after official free updates stopped, security updates will be available for $61 for the first year. https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates Mozilla Enforcing Certificate Transparency Mozilla is following the lead from other browsers, and will require certificates to include a certificate signature timestamp as proof of compliance with certificate transparency requirements. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies Veeam Update Veeam's internal backup process may be used to execute arbitrary code by an attacker with a machine in the middle position. https://www.veeam.com/kb4712 Netgear Unauthenticated RCE https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039 keywords: netgear; veeam; firefox; certificate transparency; ct; microsoft; windows 10; ESU; updates; phishing; sunpass;