2014, Antivirus and DNS - Cyber Security Informer

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Antivirus DNS Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. The registration records for the website Cryptor[.]biz ” Crypt[.]guru’s

Malware

Malware Antivirus Cybercrime Hacking

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. . Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Analyzing OilRigs malware that uses DNS Tunneling. Avast, Avira, Sophos and other antivirus solutions show problems after. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Spyware Data breaches DNS

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

FIN7 has been observed making small changes to this malware family using multiple methods to avoid traditional antivirus detection, including a BOOSTWRITE sample where the dropper was signed by a valid Certificate Authority. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic.

Identity Theft

Identity Theft Hacking Advertising DNS

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

Patrick Wardle by redirecting DNS resolution was able to capture the exfiltrated data: The history.zip file is exfiltrated to a remote to dscan.yelabapp.com that is hosted on Amazon AWS servers, but the analysis of the DNS entries confirms that it is administered by an entity in China. Antivirus”, and ‘Dr.

Adware

Adware DNS Malware Advertising

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

It retrieves: System Info; Computer IP address; Network status; List of running processes; Available privileges; Usernames; Domain Admins; File on desktop machine; AntiVirus product on computer. Last DNS activity was in December 2018. Figure 14 – previous DNS of C2. Figure 7 – System information stealed by malware.

Malware

Malware DNS Social Engineering Advertising

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising DNS Antivirus

WinDealer dealing on the side

SecureList

JUNE 2, 2022

Such capabilities are not unheard of: the QUANTUM program revealed in 2014 was the first known instance. Full control over the DNS, meaning they can provide responses for non-existent domains. Injecting arbitrary TCP and UDP packets on the network, a capability through which they can send orders to WinDealer. Indicators of Compromise.

Malware

Malware Encryption Social Engineering Telecommunications

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Banking Energy and Utilities Accountability

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Our story now skips ahead twenty years to 2014. Now, what to fuzz?

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Our story now skips ahead twenty years to 2014. Now, what to fuzz?

Software

Software Passwords Internet Internet

5 Common Phishing Attacks and How to Avoid Them?

Security Affairs

AUGUST 19, 2019

It involves DNS cache poisoning as it redirects users to a malicious site even if they enter the correct web address. Another successful strategy for preventing phishing is to secure your device using anti-malware, antivirus, VPN and other security softwares. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Authentication Passwords

A month later Gamaredon is still active in Eastern Europe

Security Affairs

JUNE 4, 2019

Moreover, querying the services behind the latest associated DNS record the host responds with “403 Forbidden” message too, indicating the infrastructure may still be operative. Information about C2 and relative DNS. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords DNS Engineering Malware

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Firefox finally addressed the Antivirus software TLS Errors. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Bangladesh Cyber Heist 2.0:

Scams

Scams Spyware DNS Advertising

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware

Malware Spyware Government Social Engineering

The Hacker Mind Podcast: Scanning the Internet

ForAllSecure

NOVEMBER 2, 2021

But to find that information back in 2014, he had to scan the Internet, the entire internet and that was a very noisy process. He works for an antivirus company and he's been scanning for malware families on the internet. Vamosi: Most antivirus products are found on Windows, much less so on Mac and Linux. At this year's sector.

Internet

Internet Internet Malware Authentication

Cyber Security Informer

Linksys force password reset to prevent Router hijacking

Some Fortinet products used hardcoded keys and weak encryption for communications

Trending Sources

Why Malware Crypting Services Deserve More Scrutiny

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs newsletter Round 210 – News of the week

FIN7 Hackers group is back with a new loader and a new RAT

Apple removed the popular app Adware Doctor because steals user browsing history

The return of the AdvisorsBot malware

LimeRAT spreads in the wild

WinDealer dealing on the side

IT threat evolution Q3 2021

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

5 Common Phishing Attacks and How to Avoid Them?

A month later Gamaredon is still active in Eastern Europe

Security Affairs newsletter Round 221 – News of the week

APT trends report Q1 2021

The Hacker Mind Podcast: Scanning the Internet

Stay Connected