Krebs on Security

SEPTEMBER 1, 2021

Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware.

Malware 329

Malware Cybercrime Internet Internet 329

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. ” concludes the report.

DNS 141

DNS Firewall DDOS Hacking 141

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS 145

DNS Telecommunications Malware Phishing 145

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. ” continues the analysis.

DNS 144

DNS Malware Technology Encryption 144

Bleeping Computer

JUNE 14, 2023

The Chinese threat group 'ChamelGang' infects Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers. [.]

DNS 140

DNS Malware 140

Krebs on Security

JULY 31, 2024

Your Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly website names (example.com) into numeric Internet addresses. And the bulk of these are at a handful of DNS providers.”

DNS 296

DNS Internet Internet Phishing 296

Krebs on Security

FEBRUARY 4, 2019

But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal. The domains documented by MyOnlineSecurity all had their DNS records altered between Jan. 31 and Feb. Image: Farsight Security.

DNS 264

DNS Ransomware Accountability Internet 264

CSO Magazine

MARCH 14, 2023

During every quarter last year, between 10% and 16% of organizations had DNS traffic originating on their networks towards command-and-control (C2) servers associated with known botnets and various other malware threats, according to a report from cloud and content delivery network provider Akamai.

DNS 128

DNS Malware Ransomware 128

The Hacker News

JANUARY 20, 2023

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.

DNS 126

DNS Mobile Malware 126

Security Affairs

JANUARY 19, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 64

Malware Artificial Intelligence DNS Ransomware 64

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. 48 percent found information-stealing malware activity.

DNS 144

DNS Phishing Ransomware Internet 144

SecureList

JANUARY 19, 2023

Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. This was newly implemented in the known Android malware Wroba.o/Agent.eq Moqhao, XLoader), which was the main malware used in this campaign.

DNS 144

DNS Mobile Malware Accountability 144

Bleeping Computer

APRIL 23, 2023

A new enterprise-targeting malware toolkit called 'Decoy Dog' has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity. [.]

DNS 114

DNS Malware Internet Internet 114

Security Affairs

AUGUST 4, 2024

A China-linked APT, tracked as StormBamboo, compromised an internet service provider (ISP) to poison software update mechanisms with malware. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. The company linked the attacks to StormBamboo APT group.

Malware 144

Malware DNS Firewall Software 144

Krebs on Security

SEPTEMBER 18, 2024

According to DomainTools.com , the organization that registered this domain is called “ apkdownloadweb ,” is based in Rajshahi, Bangladesh, and uses the DNS servers of a Web hosting company in Bangladesh called webhostbd[.]net. net for DNS. net DNS servers). xyz and onlinestreaming[.]xyz. Livestreamnow[.]xyz

Scams 63

Scams DNS Internet Internet 63

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware 261

Malware Antivirus Cybercrime Hacking 261

eSecurity Planet

MAY 3, 2022

Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations. Understanding DNS Spoofing Attacks. For example, when you enter [link] the browser queries a DNS service to reach the matching servers.

DNS 132

DNS Risk Firmware IoT 132

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware 304

Malware Cybercrime Internet Internet 304

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS 97

DNS Malware Firmware Authentication 97

The Hacker News

JUNE 16, 2023

The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH) tunneling. The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities.

DNS 145

DNS Technology Malware Cybersecurity 145

eSecurity Planet

DECEMBER 8, 2023

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. Everything You Need to Know.

DNS 115

DNS DDOS Firewall Architecture 115

The Hacker News

JUNE 13, 2022

The new malware is a.NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "

DNS 116

DNS Malware 116

Krebs on Security

JANUARY 22, 2019

Your Web browser knows how to find a Web site name like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. ” SAY WHAT? domaincontrol.com.

DNS 263

DNS Internet Internet Computers and Electronics 263

Krebs on Security

MARCH 9, 2021

Ten of these earned Microsoft’s “critical” rating, meaning they can be exploited by malware or miscreants with little or no help from users. All five of the DNS bugs quashed in today’s patch batch earned a CVSS Score (danger metric) of 9.8 — almost as bad as it gets.

DNS 348

DNS Internet Internet Software 348

eSecurity Planet

NOVEMBER 10, 2023

DNS security protects the domain name system (DNS) from attackers seeking to reroute traffic to malicious sites. Since a majority of business IT traffic now accesses or passes through the internet, DNS plays an increasingly important — and vulnerable — role. in the DNS cache for more efficient delivery of information to users.

DNS 110

DNS DDOS Encryption Authentication 110

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 131

Antivirus Malware DNS Cryptocurrency 131

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 130

Malware DNS Authentication Telecommunications 130

Security Affairs

DECEMBER 6, 2024

The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views.py “getresetstatus in dns/views.py “getresetstatus in dns/views.py and ftp/views.py. Attackers can manipulate the statusfile property with shell metacharacters. and ftp/views.py ” reads the advisory. . and ftp/views.py

DNS 109

DNS Authentication Ransomware Hacking 109

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned.

DNS 289

DNS Penetration Testing Malware Hacking 289

Security Affairs

MAY 1, 2021

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The post Flaws in the BIND software expose DNS servers to attacks appeared first on Security Affairs. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

DNS 140

DNS Software Internet Internet 140

The Last Watchdog

JUNE 1, 2021

The attackers can also use it for installing malware programs on the victim’s system. The Pharming attacks are carried out by modifying the settings on the victim’s system or compromising the DNS server. In this method of manipulating DNS, the attackers infiltrate the victim’s device and change the local host file.

DNS 214

DNS Phishing Social Engineering Cyber Attacks 214

Bleeping Computer

JANUARY 22, 2024

Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [.]

DNS 106

DNS Malware Cryptocurrency 106

Tech Republic Security

MARCH 27, 2024

DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats.

Firewall 150

Firewall DNS Phishing Malware 150

Security Affairs

DECEMBER 3, 2023

Threat actors are using the Agent Raccoon malware in attacks against organizations in the Middle East, Africa and the U.S. The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments. telemetry. .

Malware 143

Malware DNS Retail Education 143

Krebs on Security

JULY 14, 2020

Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

DNS 319

DNS Backups Software System Administration 319

Krebs on Security

JULY 13, 2021

Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users. out of a possible 10.

DNS 324

DNS Engineering Internet Internet 324

Security Affairs

NOVEMBER 10, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines. reads the report published by Sygnia.

Hacking 130

Hacking Internet Internet Mobile 130