DNS, Hacking and Information Security - Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. By July 2023 kits could dynamically load phishing pages based on DNS MX records.

DNS

DNS Phishing Banking Passwords

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” and its allies for hacking activities in July.

Hacking

Hacking Internet Internet Government

Palo Alto Networks fixed a high-severity PAN-OS flaw

Security Affairs

DECEMBER 27, 2024

“A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. The vulnerability can be exploited only if DNS Security logging is enabled.

DNS

DNS Firewall Spyware Software

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 6, 2024

The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views.py “getresetstatus in dns/views.py “getresetstatus in dns/views.py The vulnerability was exploited in a large-scale hacking campaign that targeted more than 22,000 CyberPanel instances. and ftp/views.py. and ftp/views.py

DNS

DNS Authentication Ransomware Hacking

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. ” concludes the report.

DNS

DNS Firewall DDOS Hacking

TsuNAME flaw exposes DNS servers to DDoS attacks

Security Affairs

MAY 9, 2021

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named TsuNAME, in some DNS resolvers. queries/s).” queries/s).”

DNS

DNS DDOS Hacking Information Security

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. “In short, B1txor20 is a Backdoor for the Linux platform, which uses DNS Tunnel technology to build C2 communication channels. In this way, Bot and C2 achieve communication with the help of DNS protocol.”

DNS

DNS Malware Technology Encryption

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

BIND updates fix four high-severity DoS bugs in the DNS software suite

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. In BIND 9 versions 9.18.1 S1 through 9.18.27-S1,

DNS

DNS Software Internet Internet

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

DNS

DNS IoT Hacking Cybersecurity

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Security Affairs

FEBRUARY 12, 2024

ExpressVPN addressed a bug in the split tunneling feature that exposed the domains visited by the users to configured DNS servers. The expert noticed that the DNS queries were sent to the DNS server configured on the computer. Anyway, disabling the split tunneling feature will prevent the leak of the DNS requests.

DNS

DNS VPN Encryption Internet

Flaws in the BIND software expose DNS servers to attacks

Security Affairs

MAY 1, 2021

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, BIND). Follow me on Twitter: @securityaffairs and Facebook.

DNS

DNS Software Internet Internet

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

ISC fixed high-severity flaws in the BIND DNS software

Security Affairs

SEPTEMBER 25, 2022

The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. SecurityAffairs – hacking, BIND DNS).

DNS

DNS Software Internet Internet

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software

Security Affairs

AUGUST 20, 2021

The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218 , that affects its BIND DNS software.

DNS

DNS Internet Internet Software

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

Security Affairs

MARCH 12, 2025

Microsoft Patch Tuesday security updates for March 2025 addressed 56 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure,NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. Six vulnerabilities are rated Critical, and 50 are rated Important in severity.

DNS

DNS Hacking Information Security

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking

Hacking Malware Advertising DNS

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

The flaw affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325. The flaw impacts the following devices: DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013 DNS-325 Version 1.01 DNS-327L Version 1.09, Version 1.00.0409.2013 DNS-340L Version 1.08

Internet

Internet Internet DNS Hacking

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DoS)

Authentication

Authentication System Administration DNS Hacking

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

ISC fixed high-severity flaws in DNS software suite BIND

Security Affairs

JANUARY 28, 2023

BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite. Then ‘named’ may exit due to a lack of free memory.

DNS

DNS Software Internet Internet

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Security Affairs

DECEMBER 16, 2020

In a security advisory published by SolarWinds, the company confirmed the supply chain attack, the threat actors compromised versions 2019.4 The C&C domain communicates to the bot via DNS responses that contained a CNAME field with information on the domain that will provide further commands and payload to the SUNBURST backdoor.

Hacking

Hacking DNS VPN Software

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Security Affairs

DECEMBER 10, 2024

Based on available Passive DNS records, Resecurity identified over 144 domain names registered by the actors in the.com,om,site,top and.icu domain zones. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering

Social Engineering Phishing Banking DNS

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 11, 2024

The flaw affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L, these devices contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

DNS

DNS Authentication Hacking Cybersecurity

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. SecurityAffairs – hacking, Tutanota).

DDOS

DDOS Encryption DNS Advertising

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

AUGUST 4, 2024

Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Malware

Malware DNS Firewall Software

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia) This infrastructure technique is versatile, supporting operations globally. .

Telecommunications

Telecommunications DNS Passwords Hacking

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

AUGUST 1, 2024

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. ” continues the report.

DNS

DNS Accountability Risk Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Security Affairs

JANUARY 19, 2025

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Ransomware on ESXi: The mechanization of virtualized attacks FunkSec Alleged Top Ransomware Group Powered by AI Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C Malicious PyPI Package pycord-self Targets Discord Developers with Token Theft (..)

Malware

Malware Artificial Intelligence DNS Ransomware

Akamai software update triggered a bug that took offline major sites

Security Affairs

JULY 22, 2021

Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to Akamai DNS global outage. A software configuration update triggered a bug in the Akamai DNS which took offline major websites, including Steam, the PlayStation Network, AWS, Google, and Salesforce. SecurityAffairs – hacking, DNS).

Software

Software DNS DDOS Technology

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

Mutex_ONLY_ME_V1 ), the malware searches for services.exe process and injects its next stage into the first one it can find Cleanup is performed, removing the update package GuptiMiner operates its own DNS servers to provide legitimate destination domain addresses of C2 servers through DNS TXT responses.

Antivirus

Antivirus Malware DNS Cryptocurrency

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

JULY 30, 2024

The attack chain starts by tricking the recipient into clicking a button that claims to explain how to fix a DNS issue, suggesting that resolving this issue will grant access to a desired file. To fix the error, you need to update the DNS cache manually.” ” reads the report published by Trellix.

Phishing

Phishing DNS Social Engineering Engineering

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

Security Affairs

JUNE 26, 2019

When a DNS (CNAME) of a domain/subdomain is pointing to Azure cloud platform but has not been configured or linked to an active Azure account, any other Azure user can hijack it. SecurityAffairs – EA games, hacking). The post Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack appeared first on Security Affairs.

Accountability

Accountability Hacking DNS Advertising

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. SecurityAffairs – hacking, Cyber Defense Magazine November 2020 ). appeared first on Security Affairs. Always free, no strings attached.

InfoSec

InfoSec DNS Advertising Marketing

Previously unseen Msupedge backdoor targeted a university in Taiwan

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS

DNS Malware Hacking Cybercrime

Researchers shared the lists of victims of SolarWinds hack

Security Affairs

DECEMBER 22, 2020

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst / Solarigate backdoor and published the list of targeted organizations.

Hacking

Hacking Banking Manufacturing Financial Services

MikroTik botnet relies on DNS misconfiguration to spread malware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Trending Sources

Morphing Meerkat phishing kits exploit DNS MX records

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Palo Alto Networks fixed a high-severity PAN-OS flaw

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

TsuNAME flaw exposes DNS servers to DDoS attacks

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

BIND updates fix four high-severity DoS bugs in the DNS software suite

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

A DNS flaw impacts a library used by millions of IoT devices

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Flaws in the BIND software expose DNS servers to attacks

NCSC report warns of DNS Hijacking Attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

ISC fixed high-severity flaws in the BIND DNS software

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Hackers use hackers spreading tainted hacking tools in long-running campaign

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

ISC fixed high-severity flaws in DNS software suite BIND

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

German encrypted email service Tutanota suffers DDoS attacks

Chinese StormBamboo APT compromised ISP to deliver malware

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Linksys force password reset to prevent Router hijacking

Sitting Ducks attack technique exposes over a million domains to hijacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Akamai software update triggered a bug that took offline major sites

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

A crafty phishing campaign targets Microsoft OneDrive users

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Previously unseen Msupedge backdoor targeted a university in Taiwan

Researchers shared the lists of victims of SolarWinds hack

Stay Connected