DNS, Information Security and Passwords

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. By July 2023 kits could dynamically load phishing pages based on DNS MX records.

DNS

DNS Phishing Banking Passwords

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. In early 2020, Exorn promoted a website called “ orndorks[.]com

Hacking

Hacking Cybercrime Advertising Data breaches

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. ” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

There are security/hacker types that maintain massive repositories of passwords. Change all default passwords to something unique and strong. Most home networks get broken into through either phishing or some random device they have with a bad password. Change your DNS to 1.1.1.2, or 1.1.1.3

Passwords

Passwords DNS Accountability IoT

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations. Attackers inserted rogue JavaScript to capture usernames and passwords in real-time, enhancing lateral movement within networks. This infrastructure technique is versatile, supporting operations globally.

Telecommunications

Telecommunications DNS Passwords Hacking

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

“Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Internet Internet Malware

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware

Malware DNS Authentication Telecommunications

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

The flaw affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325. An attacker can exploit the flaw to achieve command execution on the affected D-Link NAS devices, gain access to potential access to sensitive information, system configuration alteration, or denial of service.

Internet

Internet Internet DNS Hacking

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Internet

Internet Internet DNS Telecommunications

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. In some cases, users were infected with the Oski information-stealing malware. . 234.35.230 and 94 [. 103.82.249. washington.edu imageshack.us

Malware

Malware DNS Advertising Cryptocurrency

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. Below is the list of malicious Python packages: importantpackage / important-package pptest ipboards owlmoon DiscordSafety trrfab 10Cent10 / 10Cent11 yandex-yt yiffparty.

DNS

DNS Passwords Malware Hacking

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

ssh/authorized_keys file, the attacker can directly log into the remote server without password authentication. During this process, a number of DNS requests are generated.” After the public key is added to the ~/.ssh/authorized_keys Experts pointed out that Muhstik uses the TOR network for its reporting mechanism.

DDOS

DDOS DNS Passwords Authentication

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. DNS traffic at Record Low.

DNS

DNS Firewall Malware Mobile

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. “LYCEUM initially accesses an organization using account credentials obtained via password spraying or brute-force attacks. The malware uses DNS and HTTP-based communication mechanisms.

DNS

DNS Passwords Penetration Testing Social Engineering

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. TrickBot initially partnered with Ryuk ransomware that used it for initial access in the network compromised by the botnet.

Malware

Malware DNS Ransomware Passwords

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Once gained the access the Cloudflare account they were able to lock out any other employee of the company.

Hacking

Hacking DNS Cryptocurrency Accountability

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. ” state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT.

IoT

IoT DNS Manufacturing Firmware

Black Hat Europe 2021 Network Operations Center: London called, We answered

Cisco Security

NOVEMBER 29, 2021

Cisco Secure supports the NOC operations with DNS visibility and architecture intelligence ( Cisco Umbrella and Cisco Umbrella Investigate ) and automated malware analysis and threat intelligence ( Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX ).

DNS

DNS Malware Mobile Firewall

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). ” reads the security advisory. While analyzing the dual-band D-Link DSL-2875AL wireless router, the expert discovered that a file located at https : //[router ip address ] /romfile.cfg contains the login password of the device in plaintext. download=true.

DNS

DNS Passwords Authentication Advertising

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Milisic also devised a trick to block the malware using the Pi-hole to change the DNS of the command and control server, YCXRL.COM to 127.0.0.2. He also created an iptables rule to redirect all DNS to the Pi-hole as the malware/virus/whatever will use external DNS if it can’t resolve. ” continues the expert.

Malware

Malware DNS Firmware Internet

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network. Crowdstrike collected evidence of the use of password-spraying attempts using extremely weak either third-party-focused passwords (i.e.

Telecommunications

Telecommunications Mobile Hacking Architecture

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

“These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.” ” continues the analysis.

Cryptocurrency

Cryptocurrency Malware DNS Passwords

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin. .”

Passwords

Passwords System Administration Advertising DNS

Black Hat Europe 2022 NOC: The SOC Inside the NOC

Cisco Security

DECEMBER 22, 2022

Integrating Security. As the needs of Black Hat evolved, so did the Cisco Secure Technologies in the NOC: Cisco SecureX : Extended Detection and Response actions / Automations. Cisco Umbrella : DNS visibility and security. In the Cisco Secure technology stack, within the Black Hat NOC, we use SecureX Single Sign-on.

DNS

DNS Malware Accountability Wireless

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com I advise anyone who is using an old NR [Near Reality] password for anything remotely important should change it ASAP.”

Hacking

Hacking Accountability Data breaches Marketing

These are the sources of DDoS attacks against Russia, local NCCC warns

Security Affairs

MARCH 4, 2022

The Russian government fears the consequence of data breaches suffered by its organizations or possible interference by third-party nation state actors that could exploit the ongoing attacks to carry out covet cyber attacks.

DDOS

DDOS DNS Backups Data breaches

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

An attacker can trigger the flaw by supplying carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page. Leak of the sensitive data stored on the router (keys, administrative passwords, etc.)

Hacking

Hacking Internet Internet Passwords

Symbiote, a nearly-impossible-to-detect Linux malware?

Security Affairs

JUNE 9, 2022

In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges.” ” reads the report published by Blackberry. ” concludes the report.

Malware

Malware DNS Antivirus Passwords

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

Pink also adopts the DNS-Over-HTTPS ( DoH ) for the distribution of configuration information that’s done either via a project hidden on GITHUB or Baidu Tieba, or via a built-in domain name hard-coded into some of the samples.

Architecture

Architecture DDOS Advertising DNS

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT. “By

IoT

IoT DNS Manufacturing Passwords

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches

Data breaches Advertising DNS Engineering

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords. Mursch discovered that about 4,000 of the vulnerable devices were still using the default admin credentials.

Wireless

Wireless Advertising IoT DNS

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

APT28 is likely launching spear-phishing attacks against the employees of legitimate companies to steal their login credentials for corporate email accounts, or performing brute-force attacks to guess email account passwords. ” concludes the report. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Advertising DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin.

DDOS

DDOS Advertising System Administration DNS

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

If your VPN includes all DNS requests and traffic then you could be hiding significantly from your ISP. But there’s another version of this where you start with a control question, such as: What’s more secure, typing a password into my phone, using my fingerprint, or using facial recognition? This is true.

VPN

VPN Risk Hacking Encryption

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.” for the RAX30 router family.

Hacking

Hacking Firmware Authentication DNS

Security Affairs newsletter Round 370 by Pierluigi Paganini

Security Affairs

JUNE 20, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Spyware

Spyware DNS Ransomware Surveillance

Security Affairs newsletter Round 312

Security Affairs

MAY 2, 2021

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Password Management

Password Management DNS Ransomware Malware

Morphing Meerkat phishing kits exploit DNS MX records

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Trending Sources

Linksys force password reset to prevent Router hijacking

NCSC report warns of DNS Hijacking Attacks

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Local Networks Go Global When Domain Names Collide

A 3-Tiered Approach to Securing Your Home Network

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

For nearly a year, Brazilian users have been targeted with router attacks

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Cuttlefish malware targets enterprise-grade SOHO routers

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Experts found 11 malicious Python packages in the PyPI repository

Two Linux botnets already exploit Log4Shell flaw in Log4j

Black Hat USA 2021 Network Operations Center

Lyceum APT made the headlines with attacks in Middle East

Microsoft releases open-source tool for checking MikroTik Routers compromise

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Black Hat Europe 2021 Network Operations Center: London called, We answered

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Some models of Comba and D-Link WiFi routers leak admin credentials

T95 Android TV Box sold on Amazon hides sophisticated malware

China-linked LightBasin group accessed calling records from telcos worldwide

Cryptomining DreamBus botnet targets Linux servers

Backdoored Webmin versions were available for download for over a year

Black Hat Europe 2022 NOC: The SOC Inside the NOC

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

These are the sources of DDoS attacks against Russia, local NCCC warns

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Symbiote, a nearly-impossible-to-detect Linux malware?

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Mozi infections will slightly decrease but it will stay alive for some time to come

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Dozens of Linksys router models leak data useful for hackers

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Roboto, a new P2P botnet targets Linux Webmin servers

Everyday Threat Modeling

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs newsletter Round 370 by Pierluigi Paganini

Security Affairs newsletter Round 312

Stay Connected