2014, DNS, Information Security and Malware

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. “As a result these providers went down. .

DDOS

DDOS Encryption DNS Advertising

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software

Software Malware Banking Advertising

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS DNS Advertising

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. appeared first on Security Affairs. Pierluigi Paganini.

InfoSec

InfoSec DNS Advertising Marketing

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

According to a new report published by researchers from security firm Netscout , TrickBot’s operators have started to use a new variant of their malware in an attempt to Linux systems and expand the list of its targets. “Often delivered as part of a zip, this malware is a lightweight Linux backdoor.

DNS

DNS Banking Advertising IoT

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors.

Adware

Adware DNS Malware Advertising

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS

DNS Phishing Advertising Malware

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Security Affairs

JULY 15, 2023

Gamaredon has been active since 2014 and its activity focus on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo. The Gamaredon APT group continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. .

Social Engineering

Social Engineering DNS Accountability Malware

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

“Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

“The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites. The domain started to be associated with malware around the time of the re-registration, however, it is unclear whether this Vietnamese individual has any ties to the malware campaign.”

Hacking

Hacking Malware Advertising DNS

Conti Leak Indicators – What to block, in your SOC….

Security Affairs

AUGUST 6, 2021

If you are in doubt, check the subnets on [link] and look at known DNS entries to get an idea. For most organizations, the chance of false positives, when blocking these subnets, will be very low to non-existent. ’ Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, Conti ransomware).

Ransomware

Ransomware DNS Malware Hacking

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Security Affairs

DECEMBER 19, 2020

The Joker’s Stash carding platform has been active since October 7, 2014, it focuses on the sale of stolen payment card details. At the time of this writing the Joker’s Stash’s.bazar,lib,emc,coin domains, which are all those accessible via blockchain DNS, are simply showing a “Server Not Found” message. .

DNS

DNS Cybercrime Hacking Information Security

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, malware was used by threat actors to establish a backdoor in MSSQL Server 11 and 12 servers, allowing them to access to any account on the server using a “magic password.”

Malware

Malware Passwords Advertising DNS

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Cisco fixes 34 High-Severity flaws in IOS and IOS XE software appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, DoS).

Software

Software DNS Wireless Advertising

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The threat actor behind the botnet used the new tool to hide the malicious process from process information programs such as `ps` and `lsof`and evading the detection. SecurityAffairs – hacking, malware).

Cryptocurrency

Cryptocurrency Cybercrime DNS Malware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

Experts pointed out that GALLIUM threat actors were using common versions of malware and publicly available tools with a few changes to evade detection. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. ” continues the analysis. Pierluigi Paganini.

Telecommunications

Telecommunications DNS Malware Advertising

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

The attackers demonstrated an increasing level of sophistication across the years, they used custom-malware and various exploits in their attacks. “Second, we identified a previously undocumented malware family with strong links to the Ke3chang group – a backdoor we named Okrum. ” reads the report published by ESET.

DNS

DNS Malware Advertising Manufacturing

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” The threat actors carried out spearphishing attacks using weaponized Excel attachments to deliver the DanBot malware. Pierluigi Paganini.

DNS

DNS Passwords Penetration Testing Social Engineering

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Security Affairs

OCTOBER 16, 2020

.” reads the post published by Damian Menscher, a Security Reliability Engineer for Google Cloud. “The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.” Pierluigi Paganini.

DDOS

DDOS DNS Advertising Engineering

Researchers dismantled ShuangQiang gang?s botnet that infected thousands of PCs

Security Affairs

MAY 27, 2020

“Recently, our DNS data based threat monitoning system DNSmon flagged a suspicious domain pro.csocools.com. “We traced its family back to the ShuangQiang (double gun) campaign, in the past, this campaign has been exposed by multiple security vendors, but it has rvivied and come back with new methods and great force.”

Advertising

Advertising DNS Software Malware

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – LinkSys, Data leak).

Wireless

Wireless IoT DNS Advertising

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Security Affairs

JULY 1, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Mobile Malware Software

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Roboto botnet , malware). Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

Joker’s Stash, the largest carding site, is shutting down

Security Affairs

JANUARY 16, 2021

Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS.

Cybercrime

Cybercrime DNS Hacking Marketing

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

The new loader is able to drop the malware directly in memory, it was dubbed BOOSTWRITE and allows threat actors to load several malicious codes, including the Carbanak backdoor. In March, the group carried out attacks delivering a previously unseen malware tracked as SQLRat that drops files and executes SQL scripts on the host.

Identity Theft

Identity Theft Hacking Advertising DNS

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Security Affairs newsletter Round 230 appeared first on Security Affairs. Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

OilRig Description : According to MITRE , OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. Exploit Technique Over Time.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

An attacker can intercept the TCP connection in different ways, for example using DNS changer malware, targeting DNS servers and carrying out Man-in-The-Middle attacks. Armis reported the flaws to Wind River Systems, which are already released security patches and informed the impacted security vendors.

Risk

Risk IoT Firewall DNS

The kingpin behind Joker’s Stash retires with a billionaire exit

Security Affairs

FEBRUARY 14, 2021

Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS.

Cybercrime

Cybercrime Backups Hacking DNS

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Webinars

Trending Sources

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Webinars

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Linksys force password reset to prevent Router hijacking

German encrypted email service Tutanota suffers DDoS attacks

GoldenHelper, a new malware delivered via Chinese tax software

Trend Micro observed notable malware activity associated with the Momentum Botnet

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs - Untitled Article

Hundreds of Microsoft sub-domains open to hijacking

Chinese-speaking cybercrime gang Rocke changes tactics

For nearly a year, Brazilian users have been targeted with router attacks

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Microsoft July 2020 Security Updates address 123 vulnerabilities

Hackers use hackers spreading tainted hacking tools in long-running campaign

Conti Leak Indicators – What to block, in your SOC….

Russia-linked APT28 has been scanning vulnerable email servers in the last year

FBI and Interpol shut down some servers of Joker’s Stash carding marketplace

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

TeamTNT group adds new detection evasion tool to its Linux miner

New Ttint IoT botnet exploits two zero-days in Tenda routers

GALLIUM Threat Group targets global telcos, Microsoft warns

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

China-Linked APT15 group is using a previously undocumented backdoor

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Lyceum APT made the headlines with attacks in Middle East

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Researchers dismantled ShuangQiang gang?s botnet that infected thousands of PCs

Dozens of Linksys router models leak data useful for hackers

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Roboto, a new P2P botnet targets Linux Webmin servers

Joker’s Stash, the largest carding site, is shutting down

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs newsletter Round 230

OilRig APT group: the evolution of attack techniques over time

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

The kingpin behind Joker’s Stash retires with a billionaire exit

Stay Connected