Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings.

DNS 98

DNS Mobile Malware Hacking 98

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). ” states the analysis. ” states the analysis.

DNS 107

DNS Malware Advertising DDOS 107

Security Affairs

DECEMBER 6, 2024

The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views.py “getresetstatus in dns/views.py “getresetstatus in dns/views.py and ftp/views.py. Attackers can manipulate the statusfile property with shell metacharacters. and ftp/views.py ” reads the advisory. . and ftp/views.py

DNS 108

DNS Authentication Ransomware Hacking 108

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 129

Antivirus Malware DNS Cryptocurrency 129

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 127

Malware DNS Authentication Telecommunications 127

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS 138

DNS Government Advertising Engineering 138

Security Affairs

MAY 1, 2021

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DNS 138

DNS Software Internet Internet 138

Security Affairs

NOVEMBER 10, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Hacking 127

Hacking Internet Internet Government 127

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments. telemetry. .

Malware 142

Malware DNS Retail Education 142

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS 94

DNS Advertising Malware Hacking 94

Security Affairs

JUNE 9, 2022

Researchers uncovered a high stealth Linux malware, dubbed Symbiote, that could be used to backdoor infected systems. Joint research conducted by security firms Intezer and BlackBerry uncovered a new Linux threat dubbed Symbiote. “Symbiote is a malware that is highly evasive. appeared first on Security Affairs.

Malware 145

Malware DNS Antivirus Passwords 145

Security Affairs

MAY 1, 2023

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks. While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks. ” concludes the report.

Malware 98

Malware DNS Education Media 98

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 117

Malware DNS Cryptocurrency Internet 117

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware 109

Malware DNS Advertising Cryptocurrency 109

Security Affairs

APRIL 11, 2024

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware.

Malware 134

Malware DNS Software Mobile 134

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords 145

Passwords DNS Malware Advertising 145

Security Affairs

JANUARY 14, 2021

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. Pierluigi Paganini.

Malware 138

Malware Surveillance Phishing Government 138

Security Affairs

JANUARY 8, 2022

Researchers warn of new campaigns distributing a new improved version of the FluBot malware posing as Flash Player. Researchers from F5 security are warning of a new enhanced version of the FluBot Android malware that that spread posed as Flash Player. cy do klikni?cia cia w link z rzekomo ciekawym filmem? In version 4.9,

Malware 123

Malware DNS Banking Hacking 123

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 98

Malware DNS Antivirus Encryption 98

Security Affairs

JANUARY 16, 2023

Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. ” the expert wrote on Reddit.

Malware 98

Malware DNS Firmware Internet 98

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software 121

Software Malware Banking Advertising 121

Security Affairs

MARCH 3, 2024

The researchers observed the malware trying to contact a Taiwan-based public DNS resolver with the IP address 168.95.1[.]1. The researchers observed the malware initiating a DNS query to resolve the domain download.vmfare[.]com com by using the public DNS resolver at 168.95[.]1.1. ” concludes the report.

DNS 139

DNS Malware Encryption Hacking 139

Security Affairs

AUGUST 1, 2024

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. ” continues the report.

DNS 121

DNS Accountability Risk Hacking 121

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations.

Telecommunications 105

Telecommunications DNS Passwords Hacking 105

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware 103

Malware Phishing DNS Engineering 103

Daniel Miessler

MAY 8, 2020

MalwareBytes has somehow won the battle of the best consumer anti-malware offering. Change your DNS to 1.1.1.2, Next, you can consider changing your DNS settings on all your devices to use those by Cloudflare. blocks just malware, and 1.1.1.3 blocks malware and adult content. or 1.1.1.3

Passwords 255

Passwords DNS Accountability IoT 255

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down. .

DDOS 145

DDOS Encryption DNS Advertising 145

The Last Watchdog

DECEMBER 13, 2020

SASE then provides secure connectivity between the cloud and users, much as with a VPN. It can also deploy web filtering, threat prevention, DNS security, sandboxing, data loss prevention, next-generation firewall policies, information security and credential theft prevention. . But it much further. Ransomware.

IoT 214

IoT B2C B2B VPN 214

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware 134

Malware DNS Government Software 134

Security Affairs

SEPTEMBER 26, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Internet 126

Internet Internet DNS Telecommunications 126

Security Affairs

JUNE 28, 2022

The malware was designed to target routers from ASUS, Cisco, DrayTek, and NETGEAR. Experts speculate ZuoRAT is based on the Mirai malware, but it is a heavily modified version. The first component includes multiple functions that allow operators to collect network traffic on UDP, DNS and some TCP connections. Pierluigi Paganini.

Malware 98

Malware DNS Hacking Technology 98

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The operations behind the DirtyMoe botnet rapidly changed since the end of 2020, when the malware authors added a worm module that could increase their activity by spread via the internet to other Windows systems. ” concludes the analysis.”

DNS 145

DNS Internet Internet Malware 145

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware 103

Malware Telecommunications DNS Hacking 103

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. Threat Grid (Secure Malware Analytics).

DNS 145

DNS Firewall Malware Mobile 145

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS 119

DNS Malware Hacking Cybercrime 119

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware 97

Malware DDOS Advertising DNS 97

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS 135

DNS Phishing Advertising Malware 135