But as he began digging deeper, Guilmette came to the conclusion that the spammers were exploiting an obscure, albeit widespread, weakness among hosting companies, cloud providers and domain registrars that was first publicly detailed in 2016.
Security researchers at Palo Alto Networks report that the Iran-linked APT group OilRig relies heavily on DNS tunneling for its cyber espionage campaigns.
Kaspersky has been investigating the actor's activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq (Moqhao, XLoader), which was the main malware used in this campaign.
A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.
Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.
“… network uses at least two free VPN services to lure its users to install malware-like software that achieves persistence on the user's computer,” the researchers wrote. “Using the internal router, it would be possible to poison the DNS cache of the LAN router of the infected node, enabling further attacks.”
Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. CVE-2021-24078 earned a CVSS Score of 9.8, which is about as dangerous as they come.
Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.
Note: This OSINT analysis was originally published on my current employer's Web site - [link], where I have been acting as a DNS Threat Researcher since January 2021. … the Election 2016 campaign in terms of malicious activity, and offer practical and relevant, including actionable, threat intelligence on their whereabouts.
Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.
Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack, that exposes over a million domains to takeover by attackers.
Palo Alto Networks researchers discovered a new malware family, tracked as XBash, that combines features of ransomware, cryptocurrency miners, botnets and worms and targets both Linux and Microsoft Windows servers.
Security expert Marco Ramilli published the findings of a quick analysis of the webmask project behind the DNS attacks carried out by APT34 (aka OilRig and HelixKitten). According to Duo, “OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016.”
The group has been observed using new tactics, techniques, and procedures (TTPs), and it is also using updated malware to evade detection. “The actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records.”
Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections.
The attackers demonstrated an increasing level of sophistication over the years, using custom malware and various exploits in their attacks. Experts discovered that since December 2016 the APT15 group has been using a previously undocumented backdoor dubbed Okrum.
Rootkits are malware implants that burrow into the deepest corners of the operating system. One of our industry partners, Qihoo360, published a blog post about an early variant of this malware family in 2017. This could be achieved through a precursor malware implant already deployed on the computer or through physical access (i.e., …
TrickBot is a popular banking Trojan that has been around since October 2016; its authors have continuously upgraded it by implementing new features. Operators continue to offer the botnet through a multi-purpose malware-as-a-service (MaaS) model.
Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. One entry from the analysis published by Forescout: CVE-2016-20009 (IPnet), a stack-based overflow in the message decompression function; affected feature: message compression; impact: RCE; CVSS 9.8.
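The flaw class listed above (a decompression routine that trusts a compression pointer or a label length taken from the packet) is what the checks in the following Python guard against. This is an added example, not Forescout's code nor that of any stack affected by NAME:WRECK; the DNS messages, the `read_name`/`is_malformed` helpers and the pointer limit are constructed for illustration.

```python
"""
Bounds-checked DNS name decompression (RFC 1035 section 4.1.4).  Added
example, not Forescout's code nor any affected stack's: it shows the checks
whose absence turns a crafted compressed name into an out-of-bounds read,
an endless pointer loop or an overflow of a fixed-size name buffer.
Every message below is constructed.
"""
from __future__ import annotations

import struct

MAX_NAME_LEN = 255   # RFC 1035: whole name including length octets
MAX_POINTERS = 16    # defence in depth; a legitimate name never needs this many


class MalformedName(ValueError):
    """Raised instead of trusting attacker-controlled offsets."""


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode the name starting at msg[offset].

    Returns (dotted name, offset just past the name in the original stream),
    so the caller can keep parsing after a name that ended with a pointer."""
    labels: list[str] = []
    name_len = 0         # bytes of the decompressed name, for the 255 limit
    resume_at = None     # set when the first pointer is followed
    pointers = 0
    pos = offset
    while True:
        if pos >= len(msg):
            raise MalformedName("name runs past the end of the message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if pos + 1 >= len(msg):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if resume_at is None:
                resume_at = pos + 2
            # Only backward pointers: one check rules out self loops, forward
            # ping-pong loops and jumps past the end of the buffer.
            if target >= pos:
                raise MalformedName(f"pointer at {pos} does not go backwards ({target})")
            pointers += 1
            if pointers > MAX_POINTERS:
                raise MalformedName("too many compression pointers")
            pos = target
            continue
        if length & 0xC0:               # 0x40/0x80 are reserved label types;
            raise MalformedName(f"unsupported label type 0x{length:02x}")  # also covers >63
        if length == 0:                 # root label terminates the name
            return ".".join(labels) + ".", (resume_at if resume_at is not None else pos + 1)
        name_len += length + 1
        if name_len > MAX_NAME_LEN:
            raise MalformedName("decompressed name exceeds 255 bytes")
        label = msg[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise MalformedName("label runs past the end of the message")
        labels.append(label.decode("ascii", errors="replace"))
        pos += 1 + length


def is_malformed(msg: bytes, offset: int) -> bool:
    """True if read_name rejects the name at offset."""
    try:
        read_name(msg, offset)
    except MalformedName:
        return True
    return False


# Constructed messages.  HEADER is a 12-byte response header with QD=1, AN=1.
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
QNAME = b"\x07example\x03com\x00"                     # occupies offsets 12..24
GOOD = (HEADER + QNAME + struct.pack("!HH", 1, 1)     # question: A, IN
        + b"\xc0\x0c"                                 # answer name -> offset 12
        + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34]))

SELF_LOOP = HEADER + b"\xc0\x0c"                      # pointer to itself
PING_PONG = HEADER + b"\xc0\x0e\xc0\x0c"              # 12 -> 14 -> 12 -> ...
OUT_OF_BOUNDS = HEADER + b"\xc3\xe8"                  # pointer to offset 1000
TOO_LONG_NAME = HEADER + (b"\x3f" + b"a" * 63) * 4 + b"\x00"   # 256 bytes
TRUNCATED = HEADER + b"\x07exam"                      # label longer than message

if __name__ == "__main__":
    print(read_name(GOOD, 12), read_name(GOOD, 29))
    for label, m in [("self loop", SELF_LOOP), ("ping-pong", PING_PONG),
                     ("out of bounds", OUT_OF_BOUNDS),
                     ("256-byte name", TOO_LONG_NAME), ("truncated", TRUNCATED)]:
        print(f"{label:14s} rejected={is_malformed(m, 12)}")
```

The backward-only rule is stricter than the RFC's "prior occurrence" wording but is what makes termination provable without a visited-set, and the 255-byte accounting is the check a fixed-size name buffer needs before each label is copied.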
According to a new report published by researchers from security firm Netscout, TrickBot's operators have started to use a new variant of their malware in an attempt to target Linux systems and expand the list of its targets. “Often delivered as part of a zip, this malware is a lightweight Linux backdoor.”
A user reported that their D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no longer available for sale; one of the members of the forum explained that the firmware of their NAS was never updated and that the device was exposed to the WAN through port 8080, FTP port 21, and a range of ports used for port forwarding.
The cyberespionage group has been active since at least 2016 and, according to the CrowdStrike researchers, uses a very sophisticated toolset. The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers, which are part of the General Packet Radio Service (GPRS) network.
Security researchers at Proofpoint analyzed two strains of malware, tracked as ServHelper and FlawedGrace, distributed through phishing campaigns by the TA505 crime gang.
It's just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. This malware employed a custom EternalBlue SMBv1 exploit to infiltrate its victims' systems.
The technique is really simple, as it only requires an email account that sends messages to itself containing stolen credentials for each victim that executed the malware on their computer. Fast forward to 2020, and the threat actor has graduated to malware distributor.
The group was also involved in the string of attacks that targeted the 2016 US Presidential election. Most of APT28's campaigns have leveraged spear-phishing and malware-based attacks; the recent mass scanning activity represents a change in the group's modus operandi, according to a report published by Trend Micro.
Indeed we might observe a file-based command and control structure (a quite unusual solution), a VBS launcher, a PowerShell payload and a covert channel over a DNS engine. According to Duo, “OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016.” It is not a TXT request.
“Compared to the 2016 variants, this sample introduces a configuration file and does not rely on C2 for operation,” reads the analysis published by Cylance. In previous attacks, OceanLotus hackers used both custom malware and commercially available tools, like Cobalt Strike.
TrickBot is a popular banking Trojan that has been around since October 2016; its authors have continuously upgraded it by implementing new features. In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool to abuse the DNS protocol for C2 communications.
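The DNS tunneling C2 described in the OilRig entries above and in the Anchor entry here leaves a measurable footprint in resolver logs: long, high-entropy, rarely repeated subdomains and data-carrying query types. The following Python is an added example (not code from Palo Alto Networks, Duo, Marco Ramilli or the Anchor analyses) that scores per-client, per-domain query profiles; the log format, the domains under .example and example.net, the `detect` helper and the thresholds are all assumptions.

```python
"""
Heuristic DNS-tunnelling detector over resolver query logs.  Added example,
not code from any vendor or analysis cited on this page.  The log lines,
domains and thresholds are constructed for illustration.
"""
from __future__ import annotations

import math
import random
from collections import defaultdict
from dataclasses import dataclass, field

# Illustrative thresholds; tune them against your own resolver baseline.
MIN_QUERIES = 8             # ignore (client, domain) pairs with less traffic
MAX_AVG_SUBDOMAIN_LEN = 30  # hostnames are short; encoded payloads are not
MAX_ENTROPY = 3.0           # bits/char of the subdomain part ("www" is 0)
MAX_UNIQUE_RATIO = 0.8      # tunnels rarely repeat a name (cache busting)
DATA_QTYPES = {"TXT", "NULL", "CNAME", "MX"}   # large answers, favoured by C2


@dataclass
class PairStats:
    queries: int = 0
    subdomains: set[str] = field(default_factory=set)
    subdomain_chars: int = 0
    entropy_sum: float = 0.0
    data_qtype_queries: int = 0


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts: dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> tuple[str, str]:
    """(subdomain, registered domain).  Assumption: the registrable domain is
    the last two labels; a real deployment consults the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line: str) -> tuple[str, str, str]:
    """Constructed log format: '<epoch> <client_ip> <qname> <qtype>'."""
    _ts, client, qname, qtype = line.split()
    return client, qname, qtype.upper()


def profile(lines) -> dict[tuple[str, str], PairStats]:
    stats: dict[tuple[str, str], PairStats] = defaultdict(PairStats)
    for line in lines:
        client, qname, qtype = parse_line(line)
        sub, domain = split_name(qname)
        st = stats[(client, domain)]
        st.queries += 1
        st.subdomains.add(sub)
        st.subdomain_chars += len(sub)
        st.entropy_sum += shannon_entropy(sub.replace(".", ""))
        if qtype in DATA_QTYPES:
            st.data_qtype_queries += 1
    return stats


def reasons_for(st: PairStats) -> list[str]:
    """Which heuristics a (client, domain) profile trips."""
    if st.queries < MIN_QUERIES:
        return []
    reasons = []
    if st.subdomain_chars / st.queries > MAX_AVG_SUBDOMAIN_LEN:
        reasons.append("long subdomains")
    if st.entropy_sum / st.queries > MAX_ENTROPY:
        reasons.append("high-entropy labels")
    if len(st.subdomains) / st.queries > MAX_UNIQUE_RATIO:
        reasons.append("mostly unique names")
    if st.data_qtype_queries / st.queries > 0.5:
        reasons.append("data-carrying query types")
    return reasons


def detect(lines, min_reasons: int = 2) -> dict[tuple[str, str], list[str]]:
    """(client, domain) pairs that trip at least min_reasons heuristics."""
    hits = {}
    for key, st in profile(lines).items():
        reasons = reasons_for(st)
        if len(reasons) >= min_reasons:
            hits[key] = reasons
    return hits


# Constructed sample traffic: one workstation doing ordinary lookups and one
# beaconing through TXT queries whose left-most labels carry encoded data.
_rng = random.Random(2016)   # fixed seed so the example is reproducible

def _encoded_chunk(length: int = 48) -> str:
    return "".join(_rng.choice("0123456789abcdef") for _ in range(length))

SAMPLE_LOG: list[str] = []
for i in range(12):
    SAMPLE_LOG.append(f"1600000{i:03d} 10.0.0.7 www.example.net A")
    if i % 4 == 0:
        SAMPLE_LOG.append(f"1600000{i:03d} 10.0.0.7 mail.example.net MX")
for i in range(12):
    chunk = _encoded_chunk()
    SAMPLE_LOG.append(f"1600000{i:03d} 10.0.0.9 {chunk[:24]}.{chunk[24:]}.{i:02x}.c2.example TXT")

if __name__ == "__main__":
    for (client, domain), reasons in detect(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {', '.join(reasons)}")
```

Requiring two independent signals keeps a single noisy feature (a CDN with long but repeated hostnames, or a mail server issuing many MX queries) from paging anyone; the pair that carries encoded data trips all four.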
A special thanks to our Professional Services' IR team, ShadowServer, for historical context on C2 domains, and Thomas Roccia/Leandro Velasco for malware analysis support. McAfee customers are protected from the malware/tools described in this blog. The malware also decrypts and injects the payload in memory.
Cisco Umbrella: DNS visibility and security. Cisco Secure Malware Analytics (formerly Threat Grid): for sandboxing and integrated threat intelligence. Since joining the Black Hat NOC in 2016, my goal remains integration and automation. NetWitness extracted the payload and sent it to Secure Malware Analytics for detonation.
“The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.” Experts noted that this attack is bigger than the 2.3 Tbps DDoS attack mitigated by Amazon's AWS in February.
Security expert Antonio Pirozzi, director of the ZLab malware lab at Cybaze, presented at the EU Cyber Threat Conference in Dublin research conducted with Pierluigi Paganini (aka @securityaffairs) on how crooks could abuse blockchain for malicious purposes.
Members of the ExCobalt group have been active since at least 2016, and the researchers believe that the group is linked to the notorious Cobalt Gang. For secure communication, operators employ DNS/ICMP tunneling, WSS, and QUIC protocols. The communication between GoRed and its C2 server relies on the RPC protocol.
The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Statista predicts the number of IoT devices will exceed 29 billion by 2030.
The attackers attempted to verify outbound network connectivity with a ping command and executed host commands for a subnet-wide DNS lookup. Threat actors also used a C2 IP address (45.66.248[.]189) for malware staging and a second C2 IP (85.239.53[.]49). Network-segmentation controls blocked this activity too.
The popular expert unixfreaxjp analyzed a new Chinese ELF DDoS malware tracked as “Linux/DDoSMan” that evolved from the Elknot malware to deliver a new ELF bot. But what kind of malware is this Elknot Trojan? This malware is an update of, and reuses, the Elknot malware source code.
To exfiltrate data and deliver next-stage malware, the attackers abuse cloud-based data storage, such as Dropbox or Yandex Disk, as well as a temporary file sharing service. The postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as statements by activists.
Act I: Humble Beginnings (2008 - 2012) In the late 2000s, Malwarebytes tiptoed into the business sector with corporate licensing for its consumer anti-malware product. “We’re carving out a new space in endpoint security by offering a solution that protects enterprises from zero-day malware incidents that AVs struggle to detect.”
There are other protection mechanisms, such as Malware Defense, that can block further threats. Much of this traffic comprises suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2016-3081, CVE-2016-3087.
Our analysis of the rogue firmware, and other malicious artefacts from the target’s network, revealed that the threat actor behind it had tampered with the firmware to embed malware that we call MoonBounce. On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine. Roaming Mantis reaches Europe.
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. Abusing a dccw.exe file is a known technique and we suspect the malware authors used it to run the next stage malware with high privilege. Malware infection.
… campaigns from around 2016. Modern applications support features that attackers can abuse to install malware on your system. Use modern, reputable anti-malware software. Lock down domain registrar and DNS settings. To understand the basis for these recommendations, read the documents mentioned at the end of the post.
Continuous monitoring of unsanctioned applications, malware, security policies, and more. Multiple security layers to protect against cloud threats and malware. For the Forrester Wave for Cloud Security Gateways, Imperva was a Contender in 2016 and 2017, and Forcepoint was a Strong Performer in 2021. Censornet Features.