2014, DNS, Hacking and Passwords - Cyber Security Informer

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

APRIL 12, 2019

The hacker that hacked and defaced Matrix.org decided to disclose the security issues discovered during the attack and offers advice. This week, the hacker behind the hack of Matrix.org decided to disclose the vulnerabilities discovered during the attack. “An attacker gained access to the servers hosting Matrix.org.

Hacking

Hacking DNS Passwords Data breaches

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability

Accountability Advertising Marketing Malware

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. In this two-hour Arabic language YouTube tutorial from 2014 , Fatal.001

DNS

DNS Penetration Testing Malware Hacking

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. ’ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Hacking DNS Authentication

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

guru’s registration records also are hidden, yet passive domain name system (DNS) records for both cryptor[.]biz has been associated with the user Kerens on the Russian hacking forum Exploit from 2011 to the present day. has been associated with the user Kerens on the Russian hacking forum Exploit from 2011 to the present day.

Malware

Malware Antivirus Cybercrime Hacking

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Attackers used a new method of phishing with malicious mobile configurations along with previously observed DNS manipulation technique. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Mobile Phishing Malware

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. 234.35.230 and 94 [. 103.82.249. com winimage.com.

Malware

Malware DNS Advertising Cryptocurrency

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” states the analysis published by Avast.

DNS

DNS Passwords Advertising Banking

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. Pierluigi Paganini.

DNS

DNS Malware Firmware Phishing

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. “LYCEUM initially accesses an organization using account credentials obtained via password spraying or brute-force attacks. The malware uses DNS and HTTP-based communication mechanisms.

DNS

DNS Passwords Penetration Testing Social Engineering

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014. In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

USBAnywhere BMC flaws expose Supermicro servers to hack. Some Zyxel devices can be hacked via DNS requests. Twitter temporarily disables feature to tweet via SMS after CEO hack. Over 600k GPS trackers left exposed online with a default password of ‘123456. Crooks stole €1.5 Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). While analyzing the dual-band D-Link DSL-2875AL wireless router, the expert discovered that a file located at https : //[router ip address ] /romfile.cfg contains the login password of the device in plaintext. ” reads the security advisory. download=true.

DNS

DNS Passwords Authentication Wireless

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin. .”

Passwords

Passwords System Administration Advertising DNS

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”. Change the default username and passwords for all network devices, especially IoT devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS IoT Internet Internet

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

DNS

DNS Advertising Firmware Banking

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

Security Affairs newsletter Round 209 – News of the week

Security Affairs

APRIL 14, 2019

DNS hijacking campaigns target Gmail, Netflix, and PayPal users. WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy. WPA3 attacks allow hackers to hack Wi-Fi password. VSDC video editing software website hacked again. The best news of the week with Security Affairs.

Data breaches

Data breaches DNS Advertising Surveillance

Security Affairs newsletter Round 192 – News of the week

Security Affairs

DECEMBER 16, 2018

Expert devised a new WiFi hack that works on WPA/WPA2. Hackers defaced Linux.org with DNS hijack. French foreign ministry announced its Travel Alert Registry Hack. Which are the worst passwords for 2018? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Million users. Pierluigi Paganini.

DNS

DNS Advertising DDOS Government

Analyzing the APT34’s Jason project

Security Affairs

JUNE 6, 2019

Security expert Marco Ramilli has analyzed the recently leaked APT34 hacking tool tracked as Jason – Exchange Mail BF. According to FireEye, APT34 has been active since 2014. Username and password list can be selected (included in the distributed ZIP file) and threads number should be provided in order to optimize the attack balance.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Passwords

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

Attackers hacked support agent to access Microsoft Outlook email accounts. RCE flaw in Electronic Arts Origin client exposes gamers to hack. Analyzing OilRigs malware that uses DNS Tunneling. Broadcom WiFi Driver bugs expose devices to hack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computers and Electronics

Computers and Electronics Spyware Data breaches Advertising

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

These are, of course, on top of the obviously ominous features such as password retrieval and key logging that are normally seen in Remote Access Trojans.”. In 2014, the U.S. “This makes it harder for targets to remove it from their systems. government said was used to infect more than a half million computers worldwide.

Advertising

Advertising Malware Marketing Software

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Wireless

Wireless IoT DNS Advertising

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin. ” reads the analysis.

DDOS

DDOS System Administration Advertising DNS

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Malwarebytes

MAY 5, 2022

Agent Tesla is a well-known data stealer written in.NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. Based on these profiles, we can see this threat actor has an extensive criminal record starting at least from 2014. Figure 2: Test emails sent by the attacker.

Malware

Malware Scams Phishing Accountability

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

Firmware

Firmware DNS Advertising Surveillance

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Passwords Advertising DNS

Apple removed the popular app Adware Doctor because steals user browsing history

Security Affairs

SEPTEMBER 8, 2018

PoC: [link] #malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert. The expert discovered also that the gathered info was first stored in a password protected zip file named “history.zip”, then it would be uploaded to a remote server. Pierluigi Paganini.

Adware

Adware DNS Malware Advertising

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Researchers noticed that the majority of code in bot is new, the authors focused on their own Lua handling for launching DoS attacks with DNS, UDP, and SYN flavours. To mitigate the threat, experts recommend that sysadmins of SSH servers, including IoT devices, change any default passwords on those systems. Pierluigi Paganini.

IoT

IoT DDOS Architecture Malware

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

The scanner component also scans the Internet for servers that run services that have been left online exposed without a password or are using weak credentials. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Risk Encryption

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Keylogger module Backdoor and RDP access.

Malware

Malware Advertising DNS Antivirus

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran.

DNS

DNS Computers and Electronics Penetration Testing Government

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

Some Zyxel devices can be hacked via DNS requests

Linksys force password reset to prevent Router hijacking

Webinars

Trending Sources

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

NCSC report warns of DNS Hijacking Attacks

DHS issues emergency Directive to prevent DNS hijacking attacks

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

The hacker behind Matrix.org hack offers advice to improve security

Who’s Behind the Botnet-Based Service BHProxies?

French Firms Rocked by Kasbah Hacker?

Hacking the Twinkly IoT Christmas lights

Why Malware Crypting Services Deserve More Scrutiny

Recent Roaming Mantis campaign hit hundreds of users worldwide

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

For nearly a year, Brazilian users have been targeted with router attacks

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Lyceum APT made the headlines with attacks in Middle East

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs newsletter Round 230

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Some models of Comba and D-Link WiFi routers leak admin credentials

Backdoored Webmin versions were available for download for over a year

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Novidade, a new Exploit Kit is targeting SOHO Routers

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs newsletter Round 209 – News of the week

Security Affairs newsletter Round 192 – News of the week

Analyzing the APT34’s Jason project

Security Affairs newsletter Round 210 – News of the week

Canadian Police Raid ‘Orcus RAT’ Author

Dozens of Linksys router models leak data useful for hackers

Roboto, a new P2P botnet targets Linux Webmin servers

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs newsletter Round 175 – News of the week

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Apple removed the popular app Adware Doctor because steals user browsing history

Chalubo, a new IoT botnet emerges in the threat landscape

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

LimeRAT spreads in the wild

Iran-linked APT34: Analyzing the webmask project

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Stay Connected