DNS, Information Security and IoT - Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products.

DNS

DNS IoT Hacking Cybersecurity

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Firmware Advertising DNS

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

The Last Watchdog

DECEMBER 13, 2020

SASE then provides secure connectivity between the cloud and users, much as with a VPN. It can also deploy web filtering, threat prevention, DNS security, sandboxing, data loss prevention, next-generation firewall policies, information security and credential theft prevention. . Extend security with cloud.

IoT

IoT B2C B2B VPN

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

Next come your social media accounts, and then any accounts that control IoT systems in your house. This is where you take your higher-risk systems, like your IoT devices, your entertainment systems, gaming systems, etc., Change your DNS to 1.1.1.2, Get their passwords changed (see above), and enable two-factor authentication.

Passwords

Passwords DNS Accountability IoT

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

NOVEMBER 15, 2021

The attack was launched by a Mirai botnet variant composed of 15,000 bots, it combined DNS amplification attacks and UDP floods. The botnet included Internet of Things (IoT) devices and GitLab instances. “This was a multi-vector attack combining DNS amplification attacks and UDP floods.

DDOS

DDOS DNS IoT Internet

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Internet

Internet Internet DNS Telecommunications

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

The Hoaxcalls IoT botnet expanded the list of targeted devices and has added new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods. SecurityAffairs – Hoaxcalls, IoT botnet). Both vulnerabilities have been rated as critical severity (i.e

DDOS

DDOS IoT Advertising DNS

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Now researchers from Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. .

IoT

IoT DNS Manufacturing Firmware

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs

DECEMBER 14, 2024

Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty’s Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-linked threat actors to target devices in infrastructure located in Israel and U.S. d/S93InitSystemd.sh.

IoT

IoT Malware DNS Antivirus

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising Malware

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. Pierluigi Paganini.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

JANUARY 28, 2022

The DDoS assault used multiple attack vectors for User Datagram Protocol (UDP) reflection, including Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP). IoT Devices Multiply Attacks. Two Other Big DDoS Attacks.

DDOS

DDOS IoT Engineering Internet

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets.

IoT

IoT DNS Manufacturing Passwords

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

It is quite easy to find Wind River VxWorks in IoT devices, including webcam, network appliances, VOIP phones, and printers. The vulnerabilities could be exploited by a remote attacker to bypass traditional security solutions and take full control over vulnerable devices without requiring any user interaction.

Risk

Risk IoT Firewall DNS

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers. Some Zyxel devices can be hacked via DNS requests. Creator of multiple IoT botnets, including Satori, pleaded guilty. The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran. Crooks stole €1.5

IoT

IoT Data breaches Advertising DNS

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

We published this tool to help customers ensure these IoT devices are not susceptible to these attacks.” It also looks for scheduled tasks, traffic redirection rules (NAT and other rules), DNS cache poisoning, default port changes, non-default users, suspicious files, as well as proxy, SOCKS and firewall rules.

Malware

Malware DNS Ransomware Passwords

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The devices continue to leak the information even when their firewall is turned on. The expert used the Binary Edge IoT search engine to find vulnerable devices, earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses.

Wireless

Wireless Advertising IoT DNS

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Russia-linked APT29 targets diplomatic and government organizations Synology and QNAP warn of critical Netatalk flaws in some of their products Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict.

IoT

IoT DNS Antivirus Malware

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Security Affairs

JUNE 16, 2020

Serious security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20 expose millions of IoT devices worldwide to cyber attacks, researchers warn. Hundreds of millions of devices worldwide could be vulnerable to remote attacks due to security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20.

Hacking

Hacking Advertising IoT DNS

Security Affairs newsletter Round 328

Security Affairs

AUGUST 22, 2021

million customers Adobe addresses two critical vulnerabilities in Photoshop Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Kalay cloud platform flaw exposes millions of IoT devices to hack Fortinet FortiWeb OS Command Injection allows takeover servers remotely 1.9

Data breaches

Data breaches Mobile Ransomware Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Security Affairs

DECEMBER 15, 2024

PROXY.AM (..)

Malware

Malware IoT Spyware DNS

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

OCTOBER 27, 2022

This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. This instance left sensitive data open and was already indexed via popular IoT search engines. IoT search engines did not show any results for the Thomson Reuters instance before that day.

IoT

IoT Engineering Passwords Media

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

The Simps payload was delivered by exploiting multiple Remote Code Execution vulnerabilities in vulnerable IOT devices. While looking into the historical data of our threat intelligence systems and passive DNS records, we identified several malicious URLs (hash in IOCs section below) downloading a shell script named ur0a.sh

DDOS

DDOS Malware Architecture IoT

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. What makes the Roboto botnet a singular bot is its P2P structure that is rare for IoT DDoS bots, other botnets with a similar capability are the Hajime and Hide’N ‘ Seek botnets.

DDOS

DDOS Advertising System Administration DNS

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. ” reads the advisory published by the security firm. Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models.

Hacking

Hacking Firmware Authentication DNS

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Security Affairs

MARCH 8, 2022

CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability (CVSS 9.8) None of the above zero-day have been exploited in attacks. The most severe flaws fixed by the IT giant are: CVE-2021-26867 – Windows Hyper-V Remote Code Execution Vulnerability (CVSS 9.9)

IoT

IoT Media DNS Hacking

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Server: Provides powerful computing and storage in local, cloud, and data center networks to run services (Active Directory, DNS, email, databases, apps). Endpoint: Enables access for human users and computer services and commonly includes PCs, laptops, Internet of Things (IoT), and operational technology (OT).

Architecture

Architecture Network Security Firewall Risk

What Is a DMZ Network? Definition, Architecture & Benefits

eSecurity Planet

APRIL 7, 2023

An effective way to make sure users can only access the resources they need is to isolate them in a new subnetwork or network segment with its own access, security, and operational rules. DMZ networks typically contain external-facing resources such as DNS, email, proxy and web servers.

Architecture

Architecture Firewall Network Security Technology

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Read more: Top IT Asset Management Tools for Security. With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!,

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya

Security Affairs

JULY 7, 2021

Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain ‘decoder[.]re’

Ransomware

Ransomware DNS IoT Retail

Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

A DNS flaw impacts a library used by millions of IoT devices

Trending Sources

New Ttint IoT botnet exploits two zero-days in Tenda routers

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

A 3-Tiered Approach to Securing Your Home Network

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

TrickBot operators employ Linux variants in attacks after recent takedown

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

Mozi infections will slightly decrease but it will stay alive for some time to come

For nearly a year, Brazilian users have been targeted with router attacks

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs newsletter Round 230

Microsoft releases open-source tool for checking MikroTik Routers compromise

Dozens of Linksys router models leak data useful for hackers

Security Affairs newsletter Round 364 by Pierluigi Paganini

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Security Affairs newsletter Round 328

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24

Thomson Reuters collected and leaked at least 3TB of sensitive data

Discovery of Simps Botnet Leads To Ties to Keksec Group

Roboto, a new P2P botnet targets Linux Webmin servers

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Network Security Architecture: Best Practices & Tools

What Is a DMZ Network? Definition, Architecture & Benefits

Top Cybersecurity Accounts to Follow on Twitter

Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya

Stay Connected