2014, DNS, Encryption and Hacking - Cyber Security Informer

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. SecurityAffairs – hacking, Tutanota).

DDOS

DDOS Encryption DNS Advertising

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Pierluigi Paganini.

Encryption

Encryption Antivirus DNS Advertising

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption

Encryption Advertising DNS Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

APRIL 12, 2019

The hacker that hacked and defaced Matrix.org decided to disclose the security issues discovered during the attack and offers advice. This week, the hacker behind the hack of Matrix.org decided to disclose the vulnerabilities discovered during the attack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking DNS Passwords Data breaches

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” “As the communications are not encrypted, it is simple to Man-in-the-Middle the traffic and analyse the API.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Hacking DNS Authentication

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Ttint botnet).

IoT

IoT Firmware DNS Advertising

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. The account didn’t resume posting on the forum until April 2014. 5, 2014 , but historic DNS records show BHproxies[.]com com on Mar.

Accountability

Accountability Advertising Marketing Malware

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. SecurityAffairs – GALLIUM, hacking).

Telecommunications

Telecommunications DNS Malware Advertising

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Pierluigi Paganini.

DDOS

DDOS IoT Internet Internet

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic. SecurityAffairs – FIN7, hacking).

Identity Theft

Identity Theft Hacking Advertising DNS

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

Attackers also noticed that systems infected with the above two families were also targeted with the RoyalDNS malware that uses DNS to communicate with the C&C server. Once executed the command the backdoor returns output through DNS. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Malware Advertising Manufacturing

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception. Pavel explained that attackers could also collect information even when the traffic is encrypted. SecurityAffairs – hacking, satellite).

Internet

Internet Internet Advertising Encryption

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

DECEMBER 7, 2019

The hacking campaign confirmed that the Gamaredon operations are still ongoing and the high interest of the Kremlin in infiltrating the East European ecosystem, especially the Ukranian one. Upon reboot, the VBScript performs an HTTP GET request to fetch an encrypted stage from a dynamic DNS domain. ” concludes Anomaly.

Government

Government Advertising Media DNS

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

The new IoT malware borrows code from the Xor.DDoS and Mirai bots, it also implements fresh evasion techniques, for example, the authors have encrypted both the main component and its corresponding Lua script using the ChaCha stream cipher. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Malware

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The block page uses the domain “ urlblocked.pw ” registered the 26th of March 2020 with a free Let’s encrypt certificate.

Internet

Internet Internet Telecommunications DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS System Administration Advertising DNS

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Instead, the real IP address of the C2 is obfuscated with what is essentially an encryption algorithm. Experts pointed out that DGA is a double-edged sword because allows security researchers to analyze DNS and network traffic to enumerate bots. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Banking Advertising Ransomware

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

OilRig Description : According to MITRE , OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

In 2014 it reached the pinnacle of success, becoming the fourth largest botnet in the world. We named this botnet “Black” due to the RC4 key value, “black”, that is used for traffic encryption in this botnet.” The second STAGE-1 C&C server is used for controlling malware via an encrypted connection.

Malware

Malware DNS Encryption Banking

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

2014), as described on the MMD blog when MMD detected 5 variants active under almost 15 panels scattered in China network. To perform the malicious intent the attacker will need the ELF file to send, the script to be sent to hacked PC and the ELF file to be installed after infecting along with its execution toolset. On the MMD blog.

DDOS

DDOS Malware Encryption Penetration Testing

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Risk Encryption

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

AUGUST 20, 2019

The Trojan is used during the lateral movement stage and is designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module. APT, hacking).

Banking

Banking Cybercrime Cybersecurity Advertising

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

The malware command and control infrastructure abuses the Pastebin service to ensure resilience, in fact the malware dynamically retrieves the real C2 destination address from a pastie over an encrypted HTTPS channel. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10

Malware

Malware Advertising DNS Antivirus

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

A user reported that its D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran.

DNS

DNS Computers and Electronics Penetration Testing Government

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

It’s about challenging our expectations about people who hack for a living. Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption. Really, never roll your own encryption. And it's a doozy program.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

It’s about challenging our expectations about people who hack for a living. Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption. Really, never roll your own encryption. And it's a doozy program.

Software

Software Passwords Internet Internet

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

An encrypted snippet of code, for instance, has high entropy associated. The malware tries to resolve the DNS: sameerd.net. As shown, the DNS has not been resolved. Figure 31: Available ports of the malicious DNS. Figure 3: Passive DNS replication. SecurityAffairs – Muncy malware, hacking). Pay attention.

Malware

Malware Phishing DNS Engineering

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

NOVEMBER 10, 2018

However, since they do not encrypt your traffic and communications, your personal information can be easily accessed by an intruder. Also, all your data is passed through a secure encrypted tunnel, making it unreadable to the outside world. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Internet Internet Small Business

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Security Affairs

NOVEMBER 14, 2018

DNS requests intercepted. The SSL certificate has been released by the “cPanel, Inc“ CA and is valid since 16th August 2018; this encryption certificate is likely related to the previously discussed HTTP 301 redirection due to the common name “ CN=wvpznpgahbtoobu.usa.cc ” found in the Issuer field. Edited by Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Phishing

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs

DECEMBER 20, 2019

Continuing to analyze the code, we reconstructed the approach used by the attacker to obfuscate the payload: all the necessary information has been encrypted, splitted, and then encoded in Base64 chunks stored into different structures named as “ta” , “t_ep” , “t_eq”. The “Dns” Plugin. Initialization of basic malware information.

Malware

Malware DNS Architecture Advertising

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware

Malware Spyware Government Social Engineering

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

I first met Dan when he was literally saving the world; okay, at least saving the internet as we know it today by disclosing to the major ISPs in the world a flaw he’d found in the Domain Name System or DNS. It’s about challenging our expectations about people who hack for a living. I hope you stick around.

Software

Software Backups Computers and Electronics Technology

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1834 — French Telegraph System — A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world’s first cyberattack. 1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to disconnect and redirect calls and use the line for personal usage. .

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

German encrypted email service Tutanota suffers DDoS attacks

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Webinars

The hacker behind Matrix.org hack offers advice to improve security

Hacking the Twinkly IoT Christmas lights

New Ttint IoT botnet exploits two zero-days in Tenda routers

Who’s Behind the Botnet-Based Service BHProxies?

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

GALLIUM Threat Group targets global telcos, Microsoft warns

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

FBI warns cyber actors abusing protocols as new DDoS attack vectors

FIN7 Hackers group is back with a new loader and a new RAT

China-Linked APT15 group is using a previously undocumented backdoor

Spying on satellite internet comms with a $300 listening station

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Russia-linked Gamaredon group targets Ukraine officials

Chalubo, a new IoT botnet emerges in the threat landscape

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Roboto, a new P2P botnet targets Linux Webmin servers

Necurs Botnet adopts a new strategy to evade detection

OilRig APT group: the evolution of attack techniques over time

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

LimeRAT spreads in the wild

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Iran-linked APT34: Analyzing the webmask project

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

The Muncy malware is on the rise

VPN vs. proxy: which is better to stay anonymous online?

The ‘MartyMcFly’ investigation: Italian naval industry under attack

Unveiling JsOutProx: A New Enterprise Grade Implant

APT trends report Q1 2021

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Cyber CEO: The History Of Cybercrime, From 1834 To Present

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected