2013, DNS and Hacking - Cyber Security Informer

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records. Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure.

Authentication

Authentication System Administration DNS Hacking

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains. Guilmette told KrebsOnSecurity he initially considered the possibility that GoDaddy had been hacked, or that thousands of the registrar’s customers perhaps had their GoDaddy usernames and passwords stolen.

DNS

DNS Internet Internet Computers and Electronics

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. But he denied ever participating in illegal hacking activities.

DNS

DNS Penetration Testing Malware Hacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] us , a site unabashedly dedicated to helping people hack email and online gaming accounts. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com

Hacking

Hacking Accountability Data breaches Marketing

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Encryption Risk

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

ru , which periodically published hacking tools and exploits for software vulnerabilities. By 2004, v1pee had adopted the moniker “ Vega ” on the exclusive Russian language hacking forum Mazafaka , where this user became one of the more reliable vendors of stolen payment cards. A screenshot of a website reviewing PM2BTC.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. “The technique relies on a DNS Tunneling communication channel through a custom implementation of the iodine source code , an open-source software that enables the tunneling of IPv4 data through a DNS server.

DNS

DNS Malware Advertising Software

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent. They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.”

DNS

DNS Advertising Spyware Software

Iran-linked COBALT DICKENS group targets universities in new phishing campaign

Security Affairs

AUGUST 28, 2018

Many of the domains used by COBALT DICKENS were registered between May and August 2018, most of them resolved to the same IP address and DNS name server. Iranian hacking activity is intensifying in the last years, security firms uncovered the activities of many Iran-linked APT groups. Securi ty Affairs – COBALT DICKENS, hacking).

Phishing

Phishing Advertising DNS Hacking

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. This script shows a social engineering message, such as a Flash update popup or a DNS error, and attempts to trick the victim into downloading a malicious file deploy a Cobalt Strike loader. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Media Social Engineering Phishing

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Security Affairs – Novidade exploit kit, hacking). ” continues the analysis.

DNS

DNS Advertising Firmware Banking

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. SecurityAffairs – hacking, InvisiMole). ” reads the advisory published by CERT-UA.

Spyware

Spyware DNS Phishing Government

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

” Evidence collected by the experts suggests that the threat actor has been active at least since 2013. They abandon the C2 hostnames — which in this case are free DNS-based and they may change the crypter and initial vector, but they won’t stop their activity. SecurityAffairs – hacking, malware).

Malware

Malware Phishing DNS Cybercrime

CISA urges to fix multiple critical flaws in Juniper Networks products

Security Affairs

JULY 16, 2022

affects nginx resolver and can allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. some of them date back 2013. . some of them date back 2013. SecurityAffairs – hacking, Juniper Networks).

DNS

DNS Network Security Hacking Software

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Security Affairs

JUNE 9, 2022

The group has been active since at least 2013, the Aoqin Dragon was observed seeking initial access primarily through document exploits and the use of fake removable devices. Other techniques employed by the APT group include DLL hijacking, Themida-packed files, and DNS tunneling to evade post-compromise detection. Pierluigi Paganini.

Malware

Malware DNS Encryption Education

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

The hacking campaign confirmed that the Gamaredon operations are still ongoing and the high interest of the Kremlin in infiltrating the East European ecosystem, especially the Ukranian one. The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013.

Government

Government Advertising Media DNS

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2013-2185. Like ShellShock, the exploit for this vulnerability is present in many automated hacking tools. CVE-2013-2134.

Firewall

Firewall Authentication DNS Accountability

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Security Affairs

NOVEMBER 14, 2018

The email message contains a pdf document named ”Marine_Engine_Spare__Parts_Order.pdf”, originally prepared from an Office document using “ Microsoft Word 2013 ” and then converted into PDF format using the “ Online2PDF.com ” online service. DNS requests intercepted. possible usage of “ Microsoft Word 2013 ”. Attachment.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Phishing

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. Each variant spotted by the experts was targeting different services and ports, including DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Manufacturing

Manufacturing Mobile Malware Software

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. Moreover, querying the services behind the latest associated DNS record the host responds with “403 Forbidden” message too, indicating the infrastructure may still be operative. Pierluigi Paganini.

Passwords

Passwords DNS Engineering Malware

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security Affairs

JULY 1, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , is state-sponsored group that has been active since at least 2013. Experts at the security firm Cylance detected a new RAT dubbed Ratsnif that was used in cyber espionage operations conducted by the OceanLotus APT group.

Malware

Malware Advertising DNS Manufacturing

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. According to MITRE: “APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. CopyKittens.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. Each variant spotted by the experts was targeting different services and ports, including DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Malware

Malware Passwords Advertising DNS

DeathStalker targets legal entities with new Janicab variant

SecureList

DECEMBER 8, 2022

Janicab was first introduced in 2013 as malware able to run on MacOS and Windows operating systems. Despite it being an old malware family that dates back to 2013, not much public information has been available on it in recent years and we see that the threat actor kept developing and updating the malware code.

Malware

Malware DNS Engineering Internet

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

At each conference, we have a hack-a-thon: to create, prove, test, improve and finally put into production new or improved integrations. XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider.

Wireless

Wireless DNS Mobile Technology

How to Prevent SQL Injection Attacks

eSecurity Planet

MARCH 10, 2021

The least common of SQL injection attacks, the out-of-band method relies on the database server to make DNS or HTTP requests delivering data to an attacker. . . . Also Read: Apple White Hat Hack Shows Value of Pen Testers . Out-of-band. Testing for SQL Injection Vulnerabilities. Enforce Prepared Statements and Parameterization.

Penetration Testing

Penetration Testing Firewall Software Accountability

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. Tabriz is a tireless advocate for ethical hacking.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

I first met Dan when he was literally saving the world; okay, at least saving the internet as we know it today by disclosing to the major ISPs in the world a flaw he’d found in the Domain Name System or DNS. It’s about challenging our expectations about people who hack for a living. I hope you stick around.

Software

Software Backups Computers and Electronics Technology

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

On April 7th, 2013, for instance, the most successful attack executed by Anonymous group using data leakage and DoS conditions against a huge number of Israeli websites was noted. According to media (see this link ), since the attack in 2013, the number of participants and supporters is decreasing. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware Cyber Attacks

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware

Malware Government Spyware Social Engineering

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

On April 7th, 2013, for instance, the most successful attack executed by Anonymous group using data leakage and DoS conditions against a huge number of Israeli websites was noted. According to media (see this link ), since the attack in 2013, the number of participants and supporters is decreasing. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1834 — French Telegraph System — A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world’s first cyberattack. 1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to disconnect and redirect calls and use the line for personal usage. .

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Cyber Security Informer

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Trending Sources

French Firms Rocked by Kasbah Hacker?

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

China-linked Winnti APT targets South Korean Gaming firm

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Iran-linked COBALT DICKENS group targets universities in new phishing campaign

Financially motivated Earth Lusca threat actors targets organizations worldwide

Novidade, a new Exploit Kit is targeting SOHO Routers

Russia-linked InvisiMole APT targets state organizations of Ukraine

Threat actor has been targeting the aviation industry since at least 2018

CISA urges to fix multiple critical flaws in Juniper Networks products

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Russia-linked Gamaredon group targets Ukraine officials

Threat Trends: Firewall

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

A month later Gamaredon is still active in Eastern Europe

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Iranian Threat Actors: Preliminary Analysis

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

DeathStalker targets legal entities with new Janicab variant

Black Hat USA 2023 NOC: Network Assurance

How to Prevent SQL Injection Attacks

Top Cybersecurity Accounts to Follow on Twitter

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

APT trends report Q1 2021

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Stay Connected