DNS, Hacking and IoT - Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products.

DNS

DNS IoT Hacking Cybersecurity

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. Pierluigi Paganini. SecurityAffairs – SDUSD , data breach).

IoT

IoT Hacking DNS Authentication

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. SecurityAffairs – hacking, Ttint botnet).

IoT

IoT Firmware Advertising DNS

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

Hacker's King

NOVEMBER 2, 2024

You probably know about Netcat a Swiss Army Knife for networking pen-testing tool for hackers and cybersecurity experts, but what if you get something like that for Internet Of Things (IoT) devices to test their security before an actual hacker does. Specific modules for the technology to be audited.

Penetration Testing

Penetration Testing IoT Technology DNS

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. At its peak, Mirai enslaved over 600,000 vulnerable IoT devices, according to our measurements. OVH DDoS attack.

IoT

IoT DDOS Internet Internet

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The IoT malware ran only on systems with an x86 architecture. Securi ty Affairs – Chalubo, IoT botnet). ” reads the analysis from Sophos Labs.

IoT

IoT DDOS Malware Architecture

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

APRIL 12, 2019

The hacker that hacked and defaced Matrix.org decided to disclose the security issues discovered during the attack and offers advice. This week, the hacker behind the hack of Matrix.org decided to disclose the vulnerabilities discovered during the attack. SecurityAffairs – Matrix.org, hack). Pierluigi Paganini.

Hacking

Hacking DNS Passwords Data breaches

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

NOVEMBER 15, 2021

The attack was launched by a Mirai botnet variant composed of 15,000 bots, it combined DNS amplification attacks and UDP floods. The botnet included Internet of Things (IoT) devices and GitLab instances. “This was a multi-vector attack combining DNS amplification attacks and UDP floods. Pierluigi Paganini.

DDOS

DDOS DNS IoT Internet

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. attackers abuse M2M protocols to target IoT and IIoT devices. The post M2M protocols can be abused to attack IoT and IIoT systems appeared first on Security Affairs.

IoT

IoT Internet Internet Advertising

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Security Affairs

JUNE 16, 2020

Serious security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20 expose millions of IoT devices worldwide to cyber attacks, researchers warn. A remote attacker could exploit the flaw by sending specially crafted IP packets or DNS requests to the vulnerable devices. SecurityAffairs – Ripple20, hacking).

Hacking

Hacking Advertising IoT DNS

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

“The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July. Upon investigating the incidents, the researchers determined that a DNS poisoning attack at the ISP level caused the infection.

Internet

Internet Internet DNS Telecommunications

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Now researchers from Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. .

IoT

IoT DNS Manufacturing Firmware

New Mirai variant appears in the threat landscape

Security Affairs

MARCH 16, 2021

“The IoT realm remains an easily accessible target for attackers. SecurityAffairs – hacking, Mirai). “The attacks are still ongoing at the time of this writing. Experts noticed that the malware also downloads more shell scripts that retrieve brute-forcers that could be used to target devices protected with weak passwords.

Wireless

Wireless IoT DNS VPN

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. Security Affairs – GhostDNS, IoT ).

DNS

DNS Malware Firmware Phishing

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

The Hoaxcalls IoT botnet expanded the list of targeted devices and has added new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods. SecurityAffairs – Hoaxcalls, IoT botnet). Both vulnerabilities have been rated as critical severity (i.e

DDOS

DDOS IoT Advertising DNS

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers. USBAnywhere BMC flaws expose Supermicro servers to hack. Some Zyxel devices can be hacked via DNS requests. Creator of multiple IoT botnets, including Satori, pleaded guilty. Crooks stole €1.5 million from German bank OLB cloning EMV cards.

IoT

IoT Data breaches Advertising DNS

DDoS attacks in Q2 2021

SecureList

JULY 28, 2021

In particular, Gafgyt’s authors copied its implementation of various DDoS methods, such as TCP, UDP and HTTP flooding, as well as its brute-force functionality for hacking IoT devices via the Telnet protocol. It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers.

DDOS

DDOS DNS IoT Marketing

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. SecurityAffairs – hacking, ransomware). Several groups of experts linked both TrickBot and Ryuk threats to cybercrime gangs operating out of Russia.

Healthcare

Healthcare Ransomware Cybercrime Advertising

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs

DECEMBER 14, 2024

Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty’s Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-linked threat actors to target devices in infrastructure located in Israel and U.S. d/S93InitSystemd.sh.

IoT

IoT Malware DNS Antivirus

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising Malware

Security Affairs newsletter Round 328

Security Affairs

AUGUST 22, 2021

million customers Adobe addresses two critical vulnerabilities in Photoshop Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Kalay cloud platform flaw exposes millions of IoT devices to hack Fortinet FortiWeb OS Command Injection allows takeover servers remotely 1.9 SecurityAffairs – hacking, newsletter).

Data breaches

Data breaches Mobile Ransomware Hacking

Exploring OSINT Tools: How Ethical Hackers Gather Intelligence

Hacker's King

OCTOBER 12, 2024

In today’s digital landscape, gathering intelligence is a critical component of cybersecurity and ethical hacking. Maltego works by using "transforms" to extract data from a range of online sources such as DNS records, whois databases, social media, and web pages. Wide Range of Devices: Scans for IoT devices, webcams, and more.

Media

Media Penetration Testing DNS Internet

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

We published this tool to help customers ensure these IoT devices are not susceptible to these attacks.” It also looks for scheduled tasks, traffic redirection rules (NAT and other rules), DNS cache poisoning, default port changes, non-default users, suspicious files, as well as proxy, SOCKS and firewall rules.

Malware

Malware DNS Ransomware Passwords

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

Security Affairs

FEBRUARY 9, 2021

Microsoft February 2021 Patch Tuesday security updates address 56 CVEs in multiple products, including Windows components,NET Framework, Azure IoT, Azure Kubernetes Service, Microsoft Edge for Android, Exchange Server, Office and Office Services and Web Apps, Skype for Business and Lync, and Windows Defender. Pierluigi Paganini.

DNS

DNS IoT Backups Mobile

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Passwords

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

SecurityAffairs – hacking, newsletter). Russia-linked APT29 targets diplomatic and government organizations Synology and QNAP warn of critical Netatalk flaws in some of their products Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict. To nominate, please visit:?

IoT

IoT DNS Antivirus Malware

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs

DECEMBER 15, 2024

PROXY.AM (..)

Malware

Malware IoT Spyware DNS

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

It is quite easy to find Wind River VxWorks in IoT devices, including webcam, network appliances, VOIP phones, and printers. An attacker can intercept the TCP connection in different ways, for example using DNS changer malware, targeting DNS servers and carrying out Man-in-The-Middle attacks.

Risk

Risk IoT Firewall DNS

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

The Simps payload was delivered by exploiting multiple Remote Code Execution vulnerabilities in vulnerable IOT devices. While looking into the historical data of our threat intelligence systems and passive DNS records, we identified several malicious URLs (hash in IOCs section below) downloading a shell script named ur0a.sh

DDOS

DDOS Malware Architecture IoT

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The expert used the Binary Edge IoT search engine to find vulnerable devices, earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses. Unfortunately, the flaw is very easy to exploit, and it is possible. The devices continue to leak the information even when their firewall is turned on.

Wireless

Wireless Advertising IoT DNS

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

A user reported that its D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

Proactive Intelligence: A Paradigm Shift In Cyber Defense

Security Boulevard

MARCH 6, 2024

As we’ve seen from several high-profile hacks of recent years, bad actors often break into a network and lie low for months — even years — as they silently steal data and cause damage fully undetected. That's where technologies like protective DNS come in. million — 15% more than it was in 2020.

DNS

DNS Phishing Data breaches Cyber threats

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

OCTOBER 27, 2022

This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. This instance left sensitive data open and was already indexed via popular IoT search engines. IoT search engines did not show any results for the Thomson Reuters instance before that day. Pierluigi Paganini.

IoT

IoT Engineering Passwords Media

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall

Firewall Spyware Surveillance Cybercrime

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Security Affairs

MARCH 8, 2022

CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability (CVSS 9.8) SecurityAffairs – hacking, Microsoft March 2022 Patch Tuesday). None of the above zero-day have been exploited in attacks. CVE-2021-27080 – Azure Sphere Unsigned Code Execution Vulnerability (CVSS 9.3). Pierluigi Paganini.

IoT

IoT Media DNS Hacking

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. What makes the Roboto botnet a singular bot is its P2P structure that is rare for IoT DDoS bots, other botnets with a similar capability are the Hajime and Hide’N ‘ Seek botnets.

DDOS

DDOS Advertising System Administration DNS

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. In the Credential Access tactic, credential dumping attacks appear to be targeting routers and IoT devices such as CCTV cameras.

Firewall

Firewall Authentication DNS Accountability

MikroTik botnet relies on DNS misconfiguration to spread malware

IoT Unravelled Part 3: Security

Trending Sources

A DNS flaw impacts a library used by millions of IoT devices

Hacking the Twinkly IoT Christmas lights

New Ttint IoT botnet exploits two zero-days in Tenda routers

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

Overview of IoT threats in 2023

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Chalubo, a new IoT botnet emerges in the threat landscape

The hacker behind Matrix.org hack offers advice to improve security

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

M2M protocols can be abused to attack IoT and IIoT systems

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

New Mirai variant appears in the threat landscape

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs newsletter Round 230

DDoS attacks in Q2 2021

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

FBI warns cyber actors abusing protocols as new DDoS attack vectors

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs newsletter Round 328

Exploring OSINT Tools: How Ethical Hackers Gather Intelligence

Microsoft releases open-source tool for checking MikroTik Routers compromise

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including an actively exploited Windows zero-day

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs newsletter Round 364 by Pierluigi Paganini

For nearly a year, Brazilian users have been targeted with router attacks

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Discovery of Simps Botnet Leads To Ties to Keksec Group

Dozens of Linksys router models leak data useful for hackers

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Proactive Intelligence: A Paradigm Shift In Cyber Defense

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Roboto, a new P2P botnet targets Linux Webmin servers

Threat Trends: Firewall

Stay Connected