Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS 145

DNS Internet Internet Malware 145

Security Affairs

SEPTEMBER 26, 2024

internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.”

Internet 137

Internet Internet DNS Telecommunications 137

Krebs on Security

SEPTEMBER 1, 2021

based Internet address for more than a decade — simply vanished. Using services like VIP72, customers can select network nodes in virtually any country, and relay their traffic while hiding behind some unwitting victim’s Internet address. The domain Vip72[.]org “ Haxdoor ,” and “ Nuclear Grabber.”

Malware 311

Malware Cybercrime Internet Internet 311

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook.

DNS 144

DNS Firmware VPN Risk 144

Security Affairs

SEPTEMBER 14, 2021

Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively exploited in targeted attacks aimed at Microsoft Office and Office 365 on Windows 10 computers.

DNS 132

DNS Internet Internet Hacking 132

Cisco Security

AUGUST 12, 2021

Cisco Secure returned as a supporting partner of the Black Hat USA 2021 Network Operations Center (NOC) for the 5 th year ; joining conference producer Informa Tech and its other security partners. Threat hunting is a core mission of the Cisco Secure team, while monitoring the DNS activity for potentially malicious activity.

DNS 137

DNS Firewall Malware Phishing 137

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. Upon investigating the incidents, the researchers determined that a DNS poisoning attack at the ISP level caused the infection. The company linked the attacks to StormBamboo APT group.

Malware 145

Malware DNS Firewall Software 145

Security Affairs

DECEMBER 19, 2022

The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

DNS 120

DNS Antivirus Cryptocurrency Software 120

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. Registry Expiry Date: 2021-03-26T23:59:59.0Z Circumvention of Internet blocking. Domain Name: URLBLOCKED.PW

Internet 121

Internet Internet Telecommunications DNS 121

McAfee

DECEMBER 10, 2021

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. This includes products from internet giants such as Apple iCloud, Steam, Samsung Cloud storage, but thousands of additional products and services will likely be vulnerable. What is it?

DNS 125

DNS Architecture Internet Internet 125

Security Affairs

OCTOBER 4, 2021

John Graham-Cumming , CTO at Cloudflare, reported that some minutes before Facebook’s DNS outage began they observed a large number of BGP changes for Facebook’s ASN a circumstance that suggests BGP routing problems. pic.twitter.com/dMTevg6hqj — John Graham-Cumming (@jgrahamc) October 4, 2021. Relax everyone.

DNS 137

DNS Internet Internet Security Awareness 137

Cisco Security

NOVEMBER 29, 2021

It was so amazing to return to London for the Black Hat Europe 2021 Network Operations Center (NOC). Because of this, it allows the owner elevated privileges: Granting them the ability install DNS, Global Proxies and many other capabilities. Again, wiping 70 devices ( Black Hat USA 2021 had 300 devices!)

DNS 123

DNS Malware Mobile Firewall 123

Krebs on Security

FEBRUARY 26, 2023

We don’t know much about the source of the November 2021 incident, other than GoDaddy’s statement that it involved a compromised password, and that it took about two months for the company to detect the intrusion. Thus, the second factor cannot be phished, either over the phone or Internet.

Hacking 309

Hacking Social Engineering Phishing Scams 309

eSecurity Planet

AUGUST 13, 2021

This article looks at the top digital forensic software tools of 2021 and what customers should consider when buying or acquiring a DSF tool. Best Digital Forensics Software Tools of 2021. In 2021, the India-based provider works in over 70 countries with more than 400 clients, including the NIST, NASA, and Wells Fargo.

Software 139

Software Computers and Electronics Marketing Mobile 139

The Last Watchdog

AUGUST 27, 2018

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.

DDOS 255

DDOS IoT Digital transformation Internet 255

Malwarebytes

APRIL 13, 2021

A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Yes, the researchers found 9 DNS-related vulnerabilities that have the potential to allow attackers to take targeted devices offline or to gain control over them. Basically, you could say DNS is the phonebook of the internet.

IoT 105

IoT DNS Internet Internet 105

SecureList

MAY 31, 2021

For example, before making the first internet connection to its C2s, the Sunburst malware lies dormant for up to two weeks, preventing easy detection of this behaviour in sandboxes. Out of the 18,000 Orion IT customers affected by the malware, it seems that only a handful were of interest to the attackers.

Malware 137

Malware Adware Encryption Architecture 137

Security Affairs

MARCH 10, 2021

Microsoft’s March Patch Tuesday security updates address 89 vulnerabilities in its products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, Visual Studio, and Windows Hyper-V.

Internet 129

Internet Internet DNS Hacking 129

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. LinkedIn finds this same altugsara[.]com

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Malwarebytes

OCTOBER 5, 2021

The Internet is a patchwork of hundreds of thousands of separate networks, called Autonomous Systems, that are stitched together with BGP. To route data across the Internet, Autonomous Systems need to know which IP addresses other Autonomous Systems either control or can route traffic to. Thankfully, it withstood the onslaught.

DNS 145

DNS Internet Internet Mobile 145

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. A review of the Internet addresses historically used by Super-socks[.]biz Image: Spur.us.

Malware 298

Malware Cybercrime Internet Internet 298

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS 62

DNS Phishing Ransomware Internet 62

Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. In 2021 alone, estimated adjusted losses from BEC totaled $2.4 This is where Protective DNS comes in.

DNS 64

DNS Phishing Social Engineering Engineering 64

Malwarebytes

SEPTEMBER 15, 2021

The September 2021 Patch Tuesday could be remembered as the final patching attempt in the PrintNightmare… nightmare. This month, Microsoft patched the remaining Print Spooler vulnerabilities under CVE-2021-36958. It was listed as CVE-2021-40444 , a Remote Code Execution (RCE) vulnerability in Microsoft MSHTML.

DNS 137

DNS Risk Authentication Internet 137

Security Affairs

APRIL 24, 2021

— Marc Rogers (@marcwrogers) April 24, 2021. He is best known for his study on DNS cache poisoning and for his investigation into the Sony Rootkit attacks. On June 16, 2010, he was named by Internet Corporation for Assigned Names and Numbers (ICANN) as one of the Trusted Community Representatives for the DNSSEC root.

Cybersecurity 145

Cybersecurity InfoSec DNS Hacking 145

The Last Watchdog

JULY 11, 2022

Much of the hard evidence came from correlating breached databases sitting in the open Internet. Statistically, every US internet user has lost 27 data points on average to online breaches, most of them emails, passwords and usernames. Data scientists sorted through 27,000 leaked databases and created 5 billion combinations of data.

VPN 229

VPN Data breaches Internet Internet 229

McAfee

DECEMBER 22, 2021

CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 A full technical analysis can be found here: McAfee Advanced Threat Research: Log4Shell Vulnerability is the Coal in our Stocking for 2021. KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution. Attack Chain and Defensive Architecture.

Malware 98

Malware Risk Internet Internet 98

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. In October 2021, Microsoft observed the group conducting intelligence gathering aligned with strategic Turkish interests. . Reduce the number of systems that can be reached over internet using SSH. Enable 2FA on all externally exposed accounts.

Media 143

Media Accountability Telecommunications Government 143

Security Affairs

FEBRUARY 5, 2021

In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware, Palo Alto Networks warns. The malware connects to the command and control (C&C) server via a tmate reverse shell and an Internet Relay Chat (IRC) channel. aws/credentials and ~/.aws/config

Malware 129

Malware DNS Cryptocurrency Internet 129

Security Affairs

JANUARY 19, 2021

CVE-2021-3007 – deserialization flaw that affects the Zend Framework (disclosed on January 3, 2021). Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. DDOS and Flooding – HTTP, DNS, SYN Self-implementation of Slowlaris.

DDOS 145

DDOS DNS Malware Internet 145

Malwarebytes

MARCH 31, 2021

The Domain Name System ( DNS ) translates domain names used by people, like blog.malwarebytes.com into the IP addresses used by computers, like 130.211.198.3. The DNS system is often compared to a phone book where you can look up a person’s name to find their phone number. CVE-2021-28918. For that we can use either 0.0.0.0

DNS 126

DNS Authentication Internet Internet 126

McAfee

DECEMBER 1, 2021

CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” PAN GlobalProtect VPN: CVE-2021-3064 . Absence of “in-the-wild” exploitation aside, we should also be grateful that the number of people who should care is rapidly dwindling (an ever-present theme of 2021). What is it? .

DNS 90

DNS Firewall VPN Internet 90

Security Affairs

AUGUST 22, 2021

million customers Adobe addresses two critical vulnerabilities in Photoshop Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Kalay cloud platform flaw exposes millions of IoT devices to hack Fortinet FortiWeb OS Command Injection allows takeover servers remotely 1.9

Data breaches 112

Data breaches Mobile Ransomware Hacking 112

Cisco Security

MARCH 16, 2021

Hiding internet activity strengthens privacy—but also makes it easier for bad actors to infiltrate the network. In this blog I’ll describe two recent privacy advances—DNS over HTTPS (DoH) and QUIC—and what we’re doing to maintain visibility. Keeping your destination private: DNS over HTTPS. DoH prevents both of these problems.

Encryption 86

Encryption DNS Threat Detection Internet 86

eSecurity Planet

JANUARY 14, 2022

Research by Cisco estimates the volume of DDoS attacks will surge from more than 10 million in 2021 up to 15 million by 2023. Meanwhile, the 2021 State of the Data Center Industry research report placed DDoS behind ransomware as the threats that most worry the enterprise. The most recent wave happened in December 2021.

DDOS 126

DDOS DNS Firewall Media 126

Cisco Security

AUGUST 11, 2021

We looked at REvil, also known as Sodinokibi or Sodin, earlier in the year in a Threat Trends blog on DNS Security. In it we talked about how REvil/Sodinokibi compromised far more endpoints than Ryuk, but had far less DNS communication. However, when revisiting these metrics, we noticed that this changed in the beginning of 2021.

Ransomware 128

Ransomware DNS Encryption Backups 128

Security Boulevard

DECEMBER 11, 2021

On November 30, 2021 , the Apache log4j2 team became aware of a bug that would allow injection of malicious input that could allow for remote code execution. It was only on December 9, 2021 that the security community largely became aware of this finding and the far reaching impacts of it. Identifying if your server is attackable?

DNS 134

DNS Internet Internet Accountability 134