2013, DNS and Information Security - Cyber Security Informer

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

A core part of the way these things find each other involves a Windows feature called “ DNS name devolution ,” a kind of network shorthand that makes it easier to find other computers or servers without having to specify a full, legitimate domain name for those resources. ” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

CISA urges to fix multiple critical flaws in Juniper Networks products

Security Affairs

JULY 16, 2022

affects nginx resolver and can allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. some of them date back 2013. . some of them date back 2013. The most severe flaw, tracked as CVE-2021-23017 (CVSS score 9.4)

DNS

DNS Network Security Hacking Software

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. The LoadEdge backdoor maintains persistence through the Windows registry.

Spyware

Spyware DNS Phishing Government

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent. They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.”

DNS

DNS Advertising Spyware Software

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

” Evidence collected by the experts suggests that the threat actor has been active at least since 2013. “Many actors can have limited technical knowledge but still be able to operate RATs or information-stealers, posing a significant risk to large corporations given the right conditions.

Malware

Malware Phishing DNS Cybercrime

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer.

Manufacturing

Manufacturing Mobile Malware Software

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. used by the Chinese Winnti cyberespionage group to gain persistence on Microsoft SQL Server systems.

Malware

Malware Passwords Advertising DNS

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. Moreover, querying the services behind the latest associated DNS record the host responds with “403 Forbidden” message too, indicating the infrastructure may still be operative.

Passwords

Passwords DNS Engineering Malware

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Phishing: What Everyone in Your Organization Needs to Know

NopSec

FEBRUARY 15, 2017

The attacker may utilize a website such as nwtools.com to look through the target organization’s DNS records. The FBI estimates that from October 2013 to February 2016, whaling attacks were attributed to $2.3 Whaling attacks may be the most costly and damaging of the three types. billion in losses. Who’s Being Targeted?

Phishing

Phishing Social Engineering Engineering Healthcare

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Read more: Top IT Asset Management Tools for Security. With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!,

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, an MMORPG set in a medieval fantasy realm where players battle for kingdoms and riches. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com An administrator account Xerx3s on Abusewithus.

Hacking

Hacking Accountability Data breaches Marketing

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

On April 7th, 2013, for instance, the most successful attack executed by Anonymous group using data leakage and DoS conditions against a huge number of Israeli websites was noted. According to media (see this link ), since the attack in 2013, the number of participants and supporters is decreasing. About the author Pedro Tavares.

Ransomware

Ransomware Encryption Malware Cyber Attacks

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

On April 7th, 2013, for instance, the most successful attack executed by Anonymous group using data leakage and DoS conditions against a huge number of Israeli websites was noted. According to media (see this link ), since the attack in 2013, the number of participants and supporters is decreasing. About the author Pedro Tavares.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber Security Informer

Local Networks Go Global When Domain Names Collide

CISA urges to fix multiple critical flaws in Juniper Networks products

Trending Sources

Russia-linked InvisiMole APT targets state organizations of Ukraine

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Financially motivated Earth Lusca threat actors targets organizations worldwide

Threat actor has been targeting the aviation industry since at least 2018

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

A month later Gamaredon is still active in Eastern Europe

Black Hat USA 2023 NOC: Network Assurance

Phishing: What Everyone in Your Organization Needs to Know

Top Cybersecurity Accounts to Follow on Twitter

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected