Failing to properly address subdomains can put organizations at risk, as they often have overlooked vulnerabilities, according to a new report from security scholars at the Vienna University of Technology and Ca' Foscari University in Venice. Although cybercriminals often seek to hijack organizations' subdomains, the scholar "Can I take your subdomain?" The report, which will be presented at the USENIX Security Symposium in August, highlights how even large companies with well-funded IT teams can fall victim to an attack by forsaking or ignoring unused subdomains. As The Register reports, when an organization has neglected a subdomain, it can become vulnerable to cookie-based attacks. In such an attack, a cybercriminal will create his place hosted on a different server that he will use to substitute a company's subdomain. Because sites generally consider their subdomains "safe", the subdomain can overwrite and access the parent site's cookies. This allows an attacker to impersonate other users on a company's corporate internet to launch auxiliary attacks or steal sensitive data.