Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019.
Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets: So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek.
Top of the heap this month in terms of outright scariness is CVE-2020-1350, which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.
US DHS CISA urges government agencies to patch the SIGRed Windows Server DNS vulnerability within 24 hours due to the likelihood of the issue being exploited. Microsoft’s Patch Tuesday addressed a 17-year-old wormable vulnerability for hijacking Microsoft Windows Server, tracked as CVE-2020-1350 and dubbed SigRed.
After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. 48 percent found information-stealing malware activity.
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.
Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users. CVE-2021-24078 earned a CVSS Score of 9.8, which is about as dangerous as they come.
Cyber Defense Magazine November 2020 Edition has arrived. We hope you enjoy this month’s edition, packed with over 150 pages of excellent content. Always free, no strings attached.
Microsoft’s Patch Tuesday security updates for July 2020 addressed a 17-year-old wormable vulnerability for hijacking Microsoft Windows Server, tracked as CVE-2020-1350 and dubbed SigRed.
Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments.
Microsoft’s July 2020 Patch Tuesday addressed 123 security flaws across 13 products, including a 17-year-old wormable issue for hijacking Microsoft Windows Server dubbed SigRed; none of them had been observed being exploited in attacks in the wild.
Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The campaign has been active at least since 2020; the attackers leverage remote access trojans to spy on their victims. In the second half of 2020 alone they used 24 IP addresses.
It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. Detection names: SteelFox.gen, Trojan.Win64.SteelFox.*.
Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.
The Perl.com domain was hijacked in January 2021, but according to Brian Foy, senior editor of Perl.com, the attackers took control of the domain months earlier, in September 2020. Pierluigi Paganini.
New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. I’d been doxed via DNS. Let’s just get this out of the way right now: It wasn’t me. The domain involved: krebsonsecurity[.]top.
DirtyMoe is a rapidly growing Windows botnet; it went from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”
The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.
Researchers from F5 are warning of a new enhanced version of the FluBot Android malware that spreads posing as Flash Player. The malware communicates with the C2 server through DNS tunneling over HTTPS.
Threat Intelligence Report, August 6, 2024, prepared by David Brunsdon, Threat Intelligence - Security Engineer, HYAS. Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real-time to reflect changes in the IP addresses of a domain.
The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state-sponsored threat actor behind it. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware.
At the time of the report, the threat actor carried out a cyber espionage campaign by redirecting DNS traffic from domains owned by the Lebanon government to target entities in the country. The malware is an Excel document with a malicious macro embedded. Karkoff 2020: a new APT34 espionage operation involves Lebanon Government.
Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.”
On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes. Sunburst’s C2 domain: avsvmcloud[.]com.
“The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researchers that was submitted to a public online malware scanning service. The analysis of the malware’s configuration file allowed the identification of the intended target,” continues the report.
Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. Researchers believe ZuoRAT is a “heavily modified version of the Mirai malware.”
In December 2020, news of the SolarWinds incident took the world by storm. The first malicious update was pushed to SolarWinds users in March 2020, and it contained malware named Sunburst. One month later, we discovered interesting similarities between Sunburst and Kazuar, another malware family linked to Turla by Palo Alto.
In 2020, the SolarWinds supply chain attack opened backdoors into thousands of organizations (including government agencies) that used its services, while late last year, the far-reaching Log4j exploit exploded onto the scene. When malware first breaches a network, it doesn’t make its presence known right away.
In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. “The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines,” reads the report published by Sygnia.
Security experts disclosed nine flaws, collectively tracked as NAME:WRECK, affecting implementations of the DNS protocol in popular TCP/IP network communication stacks. “The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface.”
An endpoint DNS solution could have stopped the Trojanized Orion version by refusing to resolve the domain names of the command-and-control servers, again disrupting the infection to the point that no real damage could be done. DNS security solutions are one way of addressing this risk.
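The paragraph above describes the control in the abstract: a resolver that refuses to answer for known command-and-control domains. The following is an added example, not code from the original page or from any vendor's product, of the policy logic such a resolver applies. The two real indicators it loads are taken from snippets on this page (avsvmcloud[.]com from the Sunburst report, krebsonsecurity[.]top from the Exchange-server campaign); the third indicator, the query-log format and the client addresses are constructed for illustration. Matching is done on DNS label boundaries so that every subdomain of a blocked domain is refused while a look-alike such as notavsvmcloud.com is not.

```python
"""DNS sinkhole policy: refuse to resolve known C2 domains and their subdomains.

Added example; not the original page's or any vendor's code. IOCs are written in
the defanged form threat reports use (avsvmcloud[.]com) and refanged on load.
"""
from typing import Iterable, List, Optional, Tuple

# Two indicators come from reports quoted on this page; the third is constructed.
CONSTRUCTED_IOCS = [
    "avsvmcloud[.]com",                        # Sunburst C2 domain (FireEye report)
    "krebsonsecurity[.]top",                   # domain named in the Exchange campaign
    "hxxps://c2.example-bad[.]net/gate.php",   # constructed URL IOC; host part is used
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator (domain or URL) back into a plain host name."""
    s = ioc.strip().lower().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    s = s.split("://", 1)[-1]   # drop hxxp:// or https:// scheme
    s = s.split("/", 1)[0]      # drop path
    s = s.split(":", 1)[0]      # drop port
    return s.rstrip(".")        # canonical form has no trailing root dot


class SinkholePolicy:
    """Most-specific-match policy: an allow entry for a host beats a block on its parent."""

    def __init__(self, blocked: Iterable[str], allowed: Iterable[str] = ()):
        self.blocked = {refang(d) for d in blocked}
        self.allowed = {refang(d) for d in allowed}

    @staticmethod
    def _suffixes(qname: str):
        """Yield qname, then each parent domain, split on label boundaries only.
        'a.b.example.com' -> 'a.b.example.com', 'b.example.com', 'example.com', 'com'."""
        labels = refang(qname).split(".")
        for i in range(len(labels)):
            yield ".".join(labels[i:])

    def decide(self, qname: str) -> Tuple[str, Optional[str]]:
        """Return ('BLOCK', matched_ioc) or ('ALLOW', matched_allow_or_None)."""
        for suffix in self._suffixes(qname):
            if suffix in self.allowed:
                return ("ALLOW", suffix)
            if suffix in self.blocked:
                return ("BLOCK", suffix)
        return ("ALLOW", None)


# Constructed query log: "timestamp client qname qtype" per line.
CONSTRUCTED_QUERY_LOG = """\
2020-12-13T10:00:01Z 10.0.0.12 time.windows.com A
2020-12-13T10:00:02Z 10.0.0.12 appsync-api.eu-west-1.avsvmcloud.com A
2020-12-13T10:00:03Z 10.0.0.31 notavsvmcloud.com A
2020-12-13T10:00:04Z 10.0.0.77 update.krebsonsecurity.top. TXT
"""


def filter_query_log(log: str, policy: SinkholePolicy) -> List[Tuple[str, str, str, Optional[str]]]:
    """Apply the policy to each log line; return (client, qname, verdict, matched_ioc)."""
    results = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        verdict, hit = policy.decide(qname)
        results.append((client, qname, verdict, hit))
    return results


def blocked_clients(log: str, policy: SinkholePolicy) -> set:
    """Clients that tried to resolve a sinkholed name: the hosts to triage first."""
    return {client for client, _q, verdict, _h in filter_query_log(log, policy) if verdict == "BLOCK"}


if __name__ == "__main__":
    policy = SinkholePolicy(CONSTRUCTED_IOCS)
    for client, qname, verdict, hit in filter_query_log(CONSTRUCTED_QUERY_LOG, policy):
        print(f"{verdict:5} {client:10} {qname}" + (f"  (matched {hit})" if hit else ""))
```

Two caveats follow from other snippets on this page. Sunburst stayed dormant for up to two weeks before its first lookup, so the block only fires when the beacon finally goes out; the value of the control depends on the resolver logging the refused query and on someone triaging the client that sent it. And a family that ships more than a thousand hard-coded fallback domains, as Mylobot does, outruns a static list like this one, which is why blocklisting is paired with behavioural DNS analysis rather than relied on alone.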
Since the onset of the pandemic, cyberattackers have increasingly looked to leverage DNS channels to steal data, launch DDoS attacks and deploy malware—and the cost of these attacks is rising. According to IDC’s 2020 Global DNS Threat Report, the average cost of such an attack is now approaching $1 million, and impacts can range from.
The threat actors used tools associated with Chinese espionage groups; they planted multiple backdoors on the networks of targeted companies to steal credentials. “The attacks have been underway since at least 2021, with evidence to suggest that some of this activity may even date as far back as 2020,” concludes the report.
The Hoaxcalls botnet was first spotted in April by researchers from Palo Alto Networks; it borrows code from the Tsunami and Gafgyt botnets and targets the CVE-2020-5722 and CVE-2020-8515 flaws, respectively affecting Grandstream UCM6200 series devices and DrayTek Vigor routers. Both vulnerabilities have been rated as critical severity (i.e
The name ChaChi comes from two key components of the malware, Chashell and Chisel. Chashell is a reverse shell over DNS, while Chisel is a port-forwarding tool. ChaChi was first observed in the wild in the first half of 2020, but cybersecurity experts underestimated it.
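Both ChaChi (a reverse shell over DNS) and the FluBot variant described earlier (C2 over DNS tunnelling) move data inside DNS queries, and the traffic pattern that produces is detectable from resolver logs: many distinct, long, high-entropy subdomains under one registrable domain, usually as TXT or NULL queries so the reply can carry data back. Below is an added example of that detection logic, not code from the original page or from any of the projects it cites. The query records, the scoring features and the thresholds are constructed for illustration; the sha256 digests stand in for the encoded chunks a tunnel would emit, and the two-label approximation of the registrable domain is a simplification (production code would consult the Public Suffix List).

```python
"""Heuristic DNS-tunnelling detection over a batch of (client, qname, qtype) records.

Added example; not the original page's or any cited project's code. All records
below are constructed. Thresholds are illustrative, not tuned for a real network.
"""
import hashlib
import math
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

Query = Tuple[str, str, str]  # (client_ip, qname, qtype)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _labels(qname: str) -> List[str]:
    return qname.lower().rstrip(".").split(".")


def registered_domain(qname: str) -> str:
    """Approximate registrable domain as the last two labels (simplification:
    real deployments use the Public Suffix List so co.uk is not a domain)."""
    return ".".join(_labels(qname)[-2:])


def subdomain_part(qname: str) -> str:
    """Everything left of the registrable domain; this is where tunnels put data."""
    return ".".join(_labels(qname)[:-2])


def profile_domains(queries: Iterable[Query]) -> Dict[str, dict]:
    """Per registrable domain: volume, name diversity, label size, entropy, TXT/NULL share."""
    by_domain: Dict[str, List[Query]] = defaultdict(list)
    for q in queries:
        by_domain[registered_domain(q[1])].append(q)
    profiles = {}
    for domain, qs in by_domain.items():
        subs = [subdomain_part(q[1]) for q in qs]
        payload_like = sum(1 for q in qs if q[2].upper() in ("TXT", "NULL"))
        profiles[domain] = {
            "queries": len(qs),
            "unique_ratio": len(set(subs)) / len(qs),
            "mean_sub_len": sum(len(s) for s in subs) / len(qs),
            "mean_entropy": sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(qs),
            "txt_fraction": payload_like / len(qs),
        }
    return profiles


def score_profile(p: dict) -> int:
    """One point per tunnelling trait; a CDN trips at most the diversity check."""
    score = 0
    if p["queries"] >= 20 and p["unique_ratio"] > 0.8:  # almost every query is a new name
        score += 1
    if p["mean_sub_len"] > 40:                          # labels sized to carry payload
        score += 1
    if p["mean_entropy"] > 3.0:                         # encoded data, not words
        score += 1
    if p["txt_fraction"] > 0.5:                         # record types with room for replies
        score += 1
    return score


def flag_tunnels(queries: Iterable[Query], threshold: int = 3) -> Dict[str, dict]:
    """Return the profiles (with their score) that meet the threshold."""
    flagged = {}
    for domain, p in profile_domains(queries).items():
        p["score"] = score_profile(p)
        if p["score"] >= threshold:
            flagged[domain] = p
    return flagged


def constructed_queries() -> List[Query]:
    """Constructed traffic: ordinary lookups, a noisy-but-benign CDN, and a tunnel."""
    qs: List[Query] = []
    for host in ("www", "mail", "www", "login", "www"):          # repeated, short, plain
        qs.append(("10.0.0.5", f"{host}.example.com", "A"))
    for i in range(30):                                          # many names, but short A lookups
        qs.append(("10.0.0.6", f"img{i}.cdn-example.net", "A"))
    for i in range(40):                                          # sha256 hex stands in for exfil chunks
        chunk = hashlib.sha256(f"chunk{i}".encode()).hexdigest()
        qs.append(("10.0.0.9", f"{chunk[:32]}.{chunk[32:]}.t.example-c2.net", "TXT"))
    return qs


if __name__ == "__main__":
    for domain, p in flag_tunnels(constructed_queries()).items():
        print(f"{domain}: score {p['score']}, {p['queries']} queries, "
              f"mean label length {p['mean_sub_len']:.0f}, entropy {p['mean_entropy']:.2f}")
```

The CDN case is there on purpose: high name diversity alone is common in legitimate traffic, so the rule only fires when diversity coincides with payload-sized, high-entropy labels and data-carrying record types. One caveat comes straight from the FluBot snippet: when the tunnel rides DNS over HTTPS to a public resolver, the enterprise resolver never sees these queries, so this analysis only applies where DoH to outside resolvers is blocked or forced through an inspected resolver.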
Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged.
The botnet appeared in the threat landscape in November 2020; in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands. CVE-2020-7961: Java unmarshalling flaw via JSONWS in Liferay Portal (versions prior to 7.2.1 CE GA2), disclosed on March 20, 2020.
Rootkits are malware implants which burrow themselves into the deepest corners of the operating system. One of our industry partners, Qihoo360, published a blog post about an early variant of this malware family in 2017. This could be achieved through a precursor malware implant already deployed on the computer or physical access (i.e.,
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe Mode to avoid detection. “The researchers started investigating the threat after they became aware that the malware was disabling and uninstalling their antivirus from infected devices,” continues the report.
Experts noticed that the malware also downloads more shell scripts that retrieve brute-forcers that could be used to target devices protected with weak passwords. “The attacks are still ongoing at the time of this writing.”
The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. Before that, the resume says he was operations manager of TikTok’s Middle East and North Africa region for approximately seven months ending in April 2020.
Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. In the latest campaign, we have seen several apps impersonated by the malware: the ad blockers AdShield and Netshield, as well as the OpenDNS service. Figure: number of users attacked, August 2020 – February 2021.
Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections.