Security Affairs

APRIL 24, 2024

Below the infection chain described by Avast: The eScan updater triggers the update The downloaded package file is replaced with a malicious one on the wire because of a missing HTTPS encryption (MitM is performed) A malicious package updll62.dlz GuptiMiner connects directly to malicious DNS servers, bypassing the DNS network entirely.

Antivirus 96

Antivirus Malware DNS Cryptocurrency 96

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on.

Encryption 109

Encryption Antivirus DNS Advertising 109

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption 106

Encryption Advertising DNS Software 106

Security Affairs

OCTOBER 11, 2021

A wildcard certificate allows administrators to use a single wildcard certificate to protect each of subdomains, anyway, researchers warn that the use of wildcard TLS certificates could be exploited by attackers to decrypt TLS-encrypted traffic. SecurityAffairs – hacking, wildcard TLS certificate). Pierluigi Paganini.

DNS 125

DNS Encryption Risk Firewall 125

Security Affairs

JANUARY 29, 2023

Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper ISC fixed high-severity flaws in DNS software suite BIND Patch management is crucial to protect Exchange servers, Microsoft warns Hacker accused of having stolen personal data of all Austrians and more CVE-2023-23560 flaw exposes 100 (..)

DNS 84

DNS Data breaches Hacking Backups 84

Security Affairs

AUGUST 31, 2022

Once executed, the malware makes unique DNS connections, experts determined that the binary was leveraging a DNS data exfiltration technique by sending unique DNS queries to a target C2 DNS server. “This technique works by sending an encrypted string appended to the DNS query set as a subdomain.

Malware 80

Malware DNS Antivirus Encryption 80

Security Affairs

NOVEMBER 5, 2021

Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. The ransomware module encrypts the files in the victim’s server and appends a file extension.babyk to the encrypted files.”

Ransomware 122

Ransomware Backups Encryption DNS 122

Security Affairs

SEPTEMBER 22, 2021

For the specific DNS-based MITM attack used above, the attacker must race DNS queries from the Circle update daemon. Other MitM attacks that do not rely on DNS manipulation will also allow an attacker to exploit this vulnerability.” SecurityAffairs – hacking, SOHO). ” concludes the report. Pierluigi Paganini.

DNS 125

DNS Firmware VPN Risk 125

Malwarebytes

JANUARY 22, 2024

In December 2023, the US charged two Russians believed to be members of this group, for their role in a campaign that hacked government accounts. These lure documents, which are harmless PDF files, are sent to the target, but when they open them the content appears to be encrypted.

Social Engineering 96

Social Engineering Government Media DNS 96

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. SecurityAffairs – hacking, Ttint botnet). This botnet does not seem to be a very typical player.” Pierluigi Paganini.

IoT 136

IoT Firmware DNS Advertising 136

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). SecurityAffairs – hacking, newsletter). To nominate, please visit:?. Pierluigi Paganini.

Ransomware 111

Ransomware DNS Cybercrime Hacking 111

Security Affairs

DECEMBER 5, 2020

DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. The backdoor uses multiple tricks to evade detection and leverages DNS over HTTPS (DoH) to communicate with its C2 server, using Cloudflare responders. Pierluigi Paganini.

DNS 80

DNS Phishing Antivirus Encryption 80

Security Affairs

SEPTEMBER 25, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 385 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here. gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3

Cryptocurrency 82

Cryptocurrency Data breaches DNS DDOS 82

Security Affairs

JANUARY 20, 2022

Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”

Ransomware 106

Ransomware Banking Malware Encryption 106

Security Affairs

FEBRUARY 18, 2024

Datacenter Proxies: Choosing the Right Option CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Canada Gov plans to ban the Flipper Zero to curb car thefts ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data US (..)

Cybercrime 92

Cybercrime Ransomware Malware Data breaches 92

Security Affairs

FEBRUARY 5, 2021

The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malicious code also leverages other techniques to avoid detection, for example it modifies the system DNS resolvers and uses Google’s public DNS servers to bypass DNS monitoring tools.

Malware 108

Malware DNS Cryptocurrency Internet 108

Security Affairs

JANUARY 2, 2023

The malicious binary performs the following actions: Get system information; Reads the following files: /etc/passwd. Exfiltrate the collected data via encrypted DNS queries to the domain *.h4ck[.]cfd, cfd, using the DNS server wheezy[.]io. SecurityAffairs – hacking, PyPI). The first 1,000 files in $HOME/*.

DNS 84

DNS Encryption Hacking Information Security 84

Security Affairs

AUGUST 18, 2021

The Diavol ransomware was compiled with Microsoft Visual C/C++ Compiler, it uses user-mode Asynchronous Procedure Calls (APCs) without symmetric encryption algorithm for encryption, which has worse performance compared to symmetric algorithms. Anchor DNS ), except for the username field. SecurityAffairs – hacking, cybercrime).

Ransomware 99

Ransomware DNS Cybercrime Malware 99

Security Affairs

MAY 15, 2023

Merdoor is a fully-featured backdoor that supports multiple capabilities, including installing itself as a service, keylogging, a variety of methods to communicate with its command-and-control (C&C) server (HTTP, HTTPS, DNS, UDP, TCP), and the ability to listen on a local port for commands.

Encryption 81

Encryption DNS Phishing Malware 81

Security Affairs

NOVEMBER 19, 2020

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.” Pierluigi Paganini.

Ransomware 110

Ransomware DNS Encryption Hacking 110

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

NOVEMBER 9, 2020

“The Snugy backdoor uses a DNS tunneling channel to run commands on the compromised server. The threat actor would log into the same legitimate email account and create an email draft with a subject of “555,” which includes the command in an encrypted and base64 encoded format. SecurityAffairs – hacking, Microsoft Exchange).

DNS 108

DNS Accountability Government Cyber Attacks 108

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Street @jaysonstreet.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

FEBRUARY 4, 2021

“The encryption algorithm implemented in this botnet and the process of obtaining C2 are nested in layers, like Russian nesting dolls.For this reason we named it Matryosh.” The Matryosh initially decrypts the remote hostname and uses the DNS TXT request to obtain TOR C2 and TOR proxy, then it connects with the TOR proxy.

DDOS 127

DDOS DNS Antivirus Malware 127

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS 77

DNS Advertising Spyware Software 77

Security Affairs

JUNE 20, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Spyware 68

Spyware DNS Surveillance Ransomware 68

Security Affairs

JULY 14, 2021

We have observed malicious binaries use openssl with base64, Advanced Encryption Standard (AES), CBC (Cipher Block Chaining) to thwart security scanners in the format as shown below: openssl enc -aes-256-cbc -d -A -base64 -pass pass:<> Curl. Bash scripts invoking encrypted Zip file.

Adware 119

Adware Encryption Malware Passwords 119

Security Affairs

AUGUST 29, 2023

The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. The attackers attempted to verify outbound network connectivity with a ping command and executed host commands for a subnet-wide DNS lookup. Network-segmentation controls blocked this activity too.

VPN 100

VPN Ransomware DNS Malware 100

Security Affairs

OCTOBER 20, 2021

“However, instead of sending it in cleartext, the client deploys a symmetric AES encryption for any communication over the WebSocket for the first exchange, as no shared secret is established yet, and the AES encryption will generate a default key for this first exchange. SecurityAffairs – hacking, PurpleFox botnet).

Encryption 85

Encryption DNS Architecture Firewall 85

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. SecurityAffairs – GALLIUM, hacking).

Telecommunications 65

Telecommunications DNS Malware Advertising 65

Daniel Miessler

SEPTEMBER 27, 2020

They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. Super Hackers Trying to Hack You. This is true.

VPN 326

VPN Risk Hacking Encryption 326

Security Affairs

OCTOBER 22, 2021

xyz” TLD that are randomly generated and that stored in an encrypted form inside the binary. Upon contacting the C2, the rootkit will select a random domain from the list, each such domain having several DNS A records. SecurityAffairs – hacking, cyber security). Follow me on Twitter: @securityaffairs and Facebook.

Malware 106

Malware DNS Internet Internet 106

Security Affairs

JULY 11, 2022

Operators can easily make this configuration through an interface that uses the CloudFlare API for configuring new DNS zones. As observed, criminals are using the Let’s Encrypt CA to create valid HTTPs certificates. SecurityAffairs – hacking, Anubis). The ANUBIS network phishing campaigns are masked through the Cloudflare CDN.

Phishing 100

Phishing Social Engineering Banking Engineering 100

Security Affairs

JULY 23, 2019

Attackers also noticed that systems infected with the above two families were also targeted with the RoyalDNS malware that uses DNS to communicate with the C&C server. Once executed the command the backdoor returns output through DNS. SecurityAffairs – APT15, hacking). Pierluigi Paganini.

DNS 85

DNS Malware Advertising Manufacturing 85

Security Affairs

OCTOBER 12, 2019

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic. SecurityAffairs – FIN7, hacking).

Identity Theft 73

Identity Theft Hacking Advertising DNS 73

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches 99

Data breaches DNS Advertising Engineering 99

eSecurity Planet

JUNE 21, 2022

Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on. GSEC is intended for anyone new to cyber security who has some background in information systems and networks.

Cybersecurity 117

Cybersecurity Penetration Testing System Administration Cyber Attacks 117