2014, Accountability, DNS and Information Security

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Security Affairs

JUNE 4, 2020

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. “The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

Accountability

Accountability Phishing DNS Cryptocurrency

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down.

DDOS

DDOS Encryption DNS Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. appeared first on Security Affairs. Pierluigi Paganini.

InfoSec

InfoSec DNS Advertising Marketing

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals.

Hacking

Hacking Accountability Data breaches Marketing

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Clearly the access to the CEO account allowed the hacker to breach the company. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. In some cases, users were infected with the Oski information-stealing malware. . 234.35.230 and 94 [. 103.82.249. washington.edu imageshack.us

Malware

Malware DNS Advertising Cryptocurrency

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing

Phishing Accountability Advertising DNS

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Security Affairs

JULY 15, 2023

Gamaredon has been active since 2014 and its activity focus on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo. The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations.

Social Engineering

Social Engineering DNS Accountability Malware

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. But experts discovered that Microsoft did not take care of DNS entries for the sub-domains that for some reason it stops to update. ” states a report published by the security duo.

DNS

DNS Phishing Advertising Malware

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. “LYCEUM initially accesses an organization using account credentials obtained via password spraying or brute-force attacks. The malware uses DNS and HTTP-based communication mechanisms.

DNS

DNS Passwords Penetration Testing Social Engineering

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

One million cracked Poshmark accounts being sold online. Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Crooks stole €1.5 Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). ” reads the security advisory. This could allow an attacker to access the ISP account or the router itself if they admins reused the same credentials.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Passwords Authentication Wireless

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Webmin, hacking).

Passwords

Passwords System Administration Advertising DNS

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

OilRig Description : According to MITRE , OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Passwords Advertising DNS

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

Security Affairs

JUNE 26, 2019

Experts discovered security flaws in EA Games’ login process that could allow an attacker to take over EA gamers’ accounts and steal sensitive data. In order to hijack a gamer’s EA account the attackers have to chain the flaws and trick the victims into opening an official webpage from the EA Games website.

Accountability

Accountability Hacking DNS Advertising

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

They ask you to make certain changes in your account by entering your login password or ask for some reconfirmation. The motto behind the email is to lend you to a fake web page that is designed for the sole purpose of stealing user information. The most common type is phishing is carried out through fraudulent email receptionist.

Phishing

Phishing Accountability Authentication Passwords

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Europe, the Middle East and India.

Malware

Malware DNS Media Architecture

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

NCSC report warns of DNS Hijacking Attacks. A flaw could have allowed hackers to take over any Instagram account in 10 minutes. Sprint revealed that hackers compromised some customer accounts via Samsung site. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Small Business

Small Business Media Spyware DNS

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Middle Eastern countries (Kuwait, Pakistan, the UAE, and Qatar) together account for 2.38% in this ranking. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Telecommunications Marketing Internet

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs

DECEMBER 20, 2019

The “Dns” Plugin. The DnsPlugin handles the machine’s DNS configuration. Instead, the OutlookPlugin weaponize the implant with common information stealing capabilities enabling the attackers to gather account information and contact list. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware DNS Architecture Advertising

Security Affairs newsletter Round 273

Security Affairs

JULY 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

DNS

DNS Advertising Surveillance Malware

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

To carried out this attack, crooks modified the DNS record of a popular web accessibility plugin from nagich[.]com. Ido Naor , Principal Security Researcher at Kaspersky Lab, was who share this threat on Saturday, March 2nd, at VirusBay. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Encryption Malware Cyber Attacks

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

To carried out this attack, crooks modified the DNS record of a popular web accessibility plugin from nagich[.]com. Ido Naor , Principal Security Researcher at Kaspersky Lab, was who share this threat on Saturday, March 2nd, at VirusBay. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber Security Informer

NCSC report warns of DNS Hijacking Attacks

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Webinars

Trending Sources

German encrypted email service Tutanota suffers DDoS attacks

Webinars

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Linksys force password reset to prevent Router hijacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Hundreds of Microsoft sub-domains open to hijacking

Lyceum APT made the headlines with attacks in Middle East

Security Affairs newsletter Round 230

Some models of Comba and D-Link WiFi routers leak admin credentials

Backdoored Webmin versions were available for download for over a year

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Roboto, a new P2P botnet targets Linux Webmin servers

OilRig APT group: the evolution of attack techniques over time

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Flaws in EA Games Login exposed accounts of 300 Million Gamers to hack

5 Common Phishing Attacks and How to Avoid Them?

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs newsletter Round 223 – News of the week

Group-IB presents its annual report on global threats to stability in cyberspace

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs newsletter Round 273

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected