2014 and DNS - Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS.

DNS

DNS Internet Internet Government

What Is DNS And Why Should Your Business Care?

Adam Levin

MARCH 21, 2019

Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. Today, less than 20% of DNS traffic is secured by DNSSEC, and only three percent of Fortune 1,000 companies have implemented it.

DNS

DNS Government Internet Internet

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

Hackers defaced Linux.org with DNS hijack

Security Affairs

DECEMBER 10, 2018

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings. “This evening someone got into my partner’s netsol account and pointed linux.org DNS to their own cloudflare account. DNS was simply pointing to another box.”

DNS

DNS Accountability Advertising Authentication

Analyzing OilRig’s malware that uses DNS Tunneling

Security Affairs

APRIL 18, 2019

Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals.

DNS

DNS Malware Advertising Hacking

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Advertising Telecommunications

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Malware Advertising DDOS

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records. Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure.

Authentication

Authentication System Administration DNS Hacking

DNS Hijacking targets Brazilian financial institutions

Security Affairs

AUGUST 12, 2018

Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by carrying out DNS hijacking. Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by changing the DNS settings. D-Link DSL-2740R / Unauthenticated Remote DNS Change Exploit [link].

DNS

DNS Banking Advertising Mobile

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down. .

DDOS

DDOS Encryption DNS Advertising

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability

Accountability Advertising Marketing Malware

Security firm released Singularity, an open source DNS Rebinding attack tool

Security Affairs

AUGUST 21, 2018

Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks. Pierluigi Paganini.

DNS

DNS Penetration Testing Advertising Authentication

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers. In this two-hour Arabic language YouTube tutorial from 2014 , Fatal.001

DNS

DNS Penetration Testing Malware Hacking

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

BIND DNS software includes a security feature that could be abused to cause DoS condition

Security Affairs

AUGUST 9, 2018

The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The “deny-answer-aliases” feature is was implemented to help recursive server operators protect users against DNS rebinding attacks.

DNS

DNS Software Advertising Internet

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

“The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

Internet

Internet Internet DNS Telecommunications

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. But experts discovered that Microsoft did not take care of DNS entries for the sub-domains that for some reason it stops to update. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Phishing Advertising Malware

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

FEBRUARY 18, 2020

To verify this I’ve sent a crafted payload which enable the remote server (incometaxindia.gov.in) to perform a DNS lookup on my burp collaborator. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Original post at: [link].

DNS

DNS Advertising Government Hacking

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

“The technique relies on a DNS Tunneling communication channel through a custom implementation of the iodine source code , an open-source software that enables the tunneling of IPv4 data through a DNS server. Experts also highlighted the use of DNS tunneling for C2 communication. ” continues the report.

DNS

DNS Malware Advertising Software

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

InfoSec

InfoSec DNS Advertising Marketing

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

Flaws in the BlueStacks Android emulator allows remote code execution and more

Security Affairs

JUNE 27, 2019

In April, the researcher Nick Cano discovered that BlueStacks versions prior than v4.90.0.1046 are affected by a DNS rebinding vulnerability that allowed attackers to gain access to the emulator’s IPC functions. Other issues included information disclosure and a flaw that allowed attackers to steal backups of the VM and its data.

DNS

DNS Backups Advertising Authentication

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. 234.35.230 and 94 [. 103.82.249. com winimage.com.

Malware

Malware DNS Advertising Cryptocurrency

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Attackers used a new method of phishing with malicious mobile configurations along with previously observed DNS manipulation technique. In late February 2019, experts detected a URL query of a malicious DNS changer that attackers used to compromise router DNS settings. Pierluigi Paganini.

DNS

DNS Mobile Phishing Malware

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors. Pierluigi Paganini.

Adware

Adware DNS Advertising Malware

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran.

DNS

DNS Computers and Electronics Penetration Testing Government

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Security Affairs

DECEMBER 19, 2020

The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details. At the time of this writing the Joker’s Stash’s.bazar,lib,emc,coin domains, which are all those accessible via blockchain DNS, are simply showing a “Server Not Found” message. .

DNS

DNS Cybercrime Hacking Information Security

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

“ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. and FortiClient for Mac before 6.2.2.

Encryption

Encryption Antivirus Advertising DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware Advertising DNS

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Security Affairs

JANUARY 19, 2019

The main communication channel with the C2 server is the DNS tunneling. “The x_mode command is disabled by default, but when enabled via a command received from the DNS tunneling channel, it allows RogueRobin to receive a unique identifier and to get jobs by using Google Drive API requests.” gogle [. ] Pierluigi Paganini.

DNS

DNS Penetration Testing Malware Advertising

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Two vulnerabilities can allow authenticated attackers with local access to the target devices to execute arbitrary code. Pierluigi Paganini. SecurityAffairs – hacking, DoS).

Software

Software DNS Wireless Advertising

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

SEPTEMBER 26, 2024

Department of Justice (DOJ) today unsealed an indictment against a 38-year-old man from Novosibirsk, Russia for allegedly operating Joker’s Stash, an extremely successful carding shop that came online in late 2014. Joker’s sold cards stolen in a steady drip of breaches at U.S.

Cryptocurrency

Cryptocurrency Cybercrime Retail Government

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications. ” “The actors behind Trickbot, a high profile banking trojan, have recently developed a Linux port of their new DNS command and control tool known as Anchor_DNS.”

DNS

DNS Banking Advertising IoT

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

. “At this point, we believe this to be an email phishing incident in which an unauthorized third party used a third-party system to generate an email campaign to deliver what we believe to be a banking trojan,” said Dan Higgins , UR’s chief information officer.

Phishing

Phishing Marketing Accountability DNS

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

What Is DNS And Why Should Your Business Care?

Trending Sources

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Hackers defaced Linux.org with DNS hijack

Analyzing OilRig’s malware that uses DNS Tunneling

DHS issues emergency Directive to prevent DNS hijacking attacks

NCSC report warns of DNS Hijacking Attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Some Zyxel devices can be hacked via DNS requests

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

DNS Hijacking targets Brazilian financial institutions

German encrypted email service Tutanota suffers DDoS attacks

Who’s Behind the Botnet-Based Service BHProxies?

Security firm released Singularity, an open source DNS Rebinding attack tool

French Firms Rocked by Kasbah Hacker?

Linksys force password reset to prevent Router hijacking

BIND DNS software includes a security feature that could be abused to cause DoS condition

ICANN warns of large-scale attacks on Internet infrastructure

Hundreds of Microsoft sub-domains open to hijacking

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

China-linked Winnti APT targets South Korean Gaming firm

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Flaws in the BlueStacks Android emulator allows remote code execution and more

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

For nearly a year, Brazilian users have been targeted with router attacks

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs - Untitled Article

Iran-linked APT34: Analyzing the webmask project

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Some Fortinet products used hardcoded keys and weak encryption for communications

New Ttint IoT botnet exploits two zero-days in Tenda routers

DarkHydrus adds Google Drive support to its RogueRobin Trojan

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

TrickBot operators employ Linux variants in attacks after recent takedown

Phishers are Angling for Your Cloud Providers

Stay Connected