2014, DNS and Information Security - Cyber Security Informer

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records. Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure.

Authentication

Authentication System Administration DNS Hacking

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down. .

DDOS

DDOS Encryption DNS Advertising

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. appeared first on Security Affairs. Pierluigi Paganini.

InfoSec

InfoSec DNS Advertising Marketing

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. But experts discovered that Microsoft did not take care of DNS entries for the sub-domains that for some reason it stops to update. ” states a report published by the security duo.

DNS

DNS Phishing Advertising Malware

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

FEBRUARY 18, 2020

To verify this I’ve sent a crafted payload which enable the remote server (incometaxindia.gov.in) to perform a DNS lookup on my burp collaborator. About the Author: Security Researcher Dhiraj Mishra ( @mishradhiraj ). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Original post at: [link].

DNS

DNS Advertising Government Hacking

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

Flaws in the BlueStacks Android emulator allows remote code execution and more

Security Affairs

JUNE 27, 2019

Other issues included information disclosure and a flaw that allowed attackers to steal backups of the VM and its data. In April, the researcher Nick Cano discovered that BlueStacks versions prior than v4.90.0.1046 are affected by a DNS rebinding vulnerability that allowed attackers to gain access to the emulator’s IPC functions.

DNS

DNS Backups Advertising Authentication

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. In some cases, users were infected with the Oski information-stealing malware. . 234.35.230 and 94 [. 103.82.249. washington.edu imageshack.us

Malware

Malware DNS Advertising Cryptocurrency

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Security Affairs

DECEMBER 19, 2020

The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details. At the time of this writing the Joker’s Stash’s.bazar,lib,emc,coin domains, which are all those accessible via blockchain DNS, are simply showing a “Server Not Found” message. .

DNS

DNS Cybercrime Hacking Information Security

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware Advertising DNS

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

“ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Encryption

Encryption Antivirus Advertising DNS

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors.

Adware

Adware DNS Advertising Malware

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Cisco fixes 34 High-Severity flaws in IOS and IOS XE software appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, DoS).

Software

Software DNS Wireless Advertising

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications. Stage 2 Security researcher Waylon Grange first spotted the new Linux variant of Anchor_DNS in July and called it “Anchor_Linux.” ” explained Grange. Pierluigi Paganini.

DNS

DNS Banking Advertising Malware

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

The authorities want to ensure that the access to Russian Internet resources will be maintained also under attack, to do this, Russian experts are thinking a sort of DNS managed by Moscow. Currently, among the 12 organizations that oversee DNS base servers worldwide where isn’t an entity in Russia. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Cyber Defense Magazine – August 2019 has arrived. Enjoy it!

Security Affairs

AUGUST 1, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. These records are accessed via normal DNS queries or DNS-over-HTTPs ( DoH ) if the DNS query fails. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cybercrime

Cybercrime DNS Malware Advertising

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Security Affairs

JUNE 4, 2020

.” According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain. ???????????? Coincheck uses Amazon’s managed DNS service, the attackers first registered a fake domain to the AWS server and replaced the legitimate awsdns-61.org NS ????????????

Accountability

Accountability Phishing DNS Cryptocurrency

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Security Affairs

OCTOBER 16, 2020

.” reads the post published by Damian Menscher, a Security Reliability Engineer for Google Cloud. “The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.” Pierluigi Paganini.

DDOS

DDOS Advertising DNS Engineering

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

“Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014. “Their attacks, which range from compromising DNS set tings and tabnabbing to creating watering holes and taking advantage of zero-days, have been nothing short of sophisticated.

Phishing

Phishing Accountability Advertising DNS

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Others appear to be the infrastructure owned by the threat group, judging by multiple hostnames , DNS data, etc. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini. SecurityAffairs – hacking tools, RAT).

Hacking

Hacking Malware Advertising DNS

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Security Affairs

JULY 1, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods. Now security researchers from Radware reported having discovered a new version of the Hoaxcalls botnet that is targeting an unpatched issue in the ZyXEL Cloud CNM SecuManager. . Both vulnerabilities have been rated as critical severity (i.e

DDOS

DDOS IoT Advertising DNS

DDoS Attack on Amazon Web Services caused intermittently outage

Security Affairs

OCTOBER 25, 2019

We're investigating reports of intermittent DNS resolution errors with Route 53 & our external DNS providers. According to the company status page, hackers were targeting the AWS DNS servers flooding them with junk network traffic. “We are investigating reports of occasional DNS resolution errors.

DDOS

DDOS DNS Advertising Engineering

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

The CAA security feature allows domain owners to prevent Certificate Authorities (CAs) to issue certificates for their domains. Domain owners can add a “CAA field” to their domain’s DNS records, this implies that only the CA included in this field can issue a TLS certificate for that domain. Pierluigi Paganini.

Encryption

Encryption Advertising DNS Software

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

Security Affairs

JUNE 26, 2019

When a DNS (CNAME) of a domain/subdomain is pointing to Azure cloud platform but has not been configured or linked to an active Azure account, any other Azure user can hijack it. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Hacking DNS Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Pierluigi Paganini.

Data breaches

Data breaches Advertising DNS Engineering

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Wireless

Wireless Advertising IoT DNS

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The threat actor behind the botnet used the new tool to hide the malicious process from process information programs such as `ps` and `lsof`and evading the detection. The libprocesshider open-source tool is available on Github since 2014 and is able to “hide a process under Linux using the ld preloader.”

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

The malware uses DNS and HTTP-based communication mechanisms. “Password spraying, DNS tunneling, social engineering, and abuse of security testing frameworks are common tactics, particularly from threat groups operating in the Middle East.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Passwords Penetration Testing Social Engineering

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Researchers pointed out that legitimate software doesn’t bypass Windows protections to escalate privileges utilize UAC bypass, doesn’t randomize its location or hide its name, doesn’t lack version negotiation protocols, and doesn’t attempt to override DNS records. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Software

Software Malware Banking Advertising

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Security Affairs newsletter Round 230 appeared first on Security Affairs. Pierluigi Paganini.

IoT

IoT Data breaches Advertising DNS

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

NCSC report warns of DNS Hijacking Attacks

Trending Sources

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

German encrypted email service Tutanota suffers DDoS attacks

Linksys force password reset to prevent Router hijacking

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Hundreds of Microsoft sub-domains open to hijacking

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Flaws in the BlueStacks Android emulator allows remote code execution and more

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

For nearly a year, Brazilian users have been targeted with router attacks

New Ttint IoT botnet exploits two zero-days in Tenda routers

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs - Untitled Article

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

TrickBot operators employ Linux variants in attacks after recent takedown

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Russia is going to disconnect from the internet as part of a planned test

Cyber Defense Magazine – August 2019 has arrived. Enjoy it!

Chinese-speaking cybercrime gang Rocke changes tactics

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Microsoft July 2020 Security Updates address 123 vulnerabilities

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Hackers use hackers spreading tainted hacking tools in long-running campaign

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

DDoS Attack on Amazon Web Services caused intermittently outage

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Dozens of Linksys router models leak data useful for hackers

TeamTNT group adds new detection evasion tool to its Linux miner

Lyceum APT made the headlines with attacks in Middle East

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs newsletter Round 230

Stay Connected