"The researchers told administrators about the cybersecurity gaps where possible. Six months later, only 31 per cent of reported subdomains were corrected."
Sounds about right.
Abandoned or ignored subdomains often include overlooked vulnerabilities that leave organisations open to attack, according to a team of infosec researchers from the Vienna University of Technology and the Ca’ Foscari University of Venice. The team’s work will be presented at the 30th USENIX Security Symposium this August. …