The DNS part of that moniker refers to the global “Domain Name System,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet addresses that are easier for computers to manage.
The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations for this type of attack. In response to the numerous DNS hijacking attacks, the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.
Security experts uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspect Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.
But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals. Stamford, Ct. Image: APWG.
HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers. In this two-hour Arabic language YouTube tutorial from 2014, Fatal.001
Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by carrying out DNS hijacking. Crooks are targeting DLink DSL modem routers in Brazil to redirect users to fake bank websites by changing the DNS settings. D-Link DSL-2740R / Unauthenticated Remote DNS Change Exploit [link].
Phishing is one of the oldest methods of cyberattack. Types of Phishing Attacks. There are different types of phishing attacks, and each is deceiving and manipulative in its own unique way. The most common type of phishing is carried out through fraudulent email. Another targeted phishing practice is Whaling.
Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com; it might have been resolved by DNS to something like webserver9000.azurewebsites.net.
Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by an Iran-linked threat actor COBALT DICKENS. Many of the domains used by COBALT DICKENS were registered between May and August 2018, most of them resolved to the same IP address and DNS name server. Pierluigi Paganini.
Attackers have already hijacked over 100,000 home routers; the malicious code allows them to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.
The latest wave of attacks aimed at spreading phishing links via SMS messages (SMiShing); most of the victims were users in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam. Attackers used a new method of phishing with malicious mobile configurations along with a previously observed DNS manipulation technique.
Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. Then the attackers used the hijacked domain to launch spear-phishing attacks against some of its customers.
Most of APT28’s campaigns leveraged spear-phishing and malware-based attacks; the recent mass scanning activity represents a change in the modus operandi of the group. Trend Micro investigated waves of APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014.
In mid-August, the state-sponsored hackers launched a highly targeted spear-phishing email to a high-ranking office in a Middle Eastern nation. “In August 2018, Unit 42 observed OilRig targeting a government organization using spear-phishing emails to deliver an updated version of a Trojan known as BONDUPDATER.
The campaign uncovered by Avast aimed at silently modifying Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely resemble real online banking sites.
When an organization sets up SPF, it helps Internet Service Providers (ISPs), email security vendors, and other email providers to validate an organization’s email communication and distinguish authorized communications from spoofed emails or phishing attacks attempting to impersonate that domain.
The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Pierluigi Paganini.
“On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.”
Experts devised advanced SMS phishing attacks against modern Android-based phones. Some Zyxel devices can be hacked via DNS requests. Pierluigi Paganini.
Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.
The attack chain starts with spear-phishing messages containing malicious attachments; the messages are specially crafted to trick victims into opening the message and executing the attached document. The emails would also drop the backdoor DNSbot, which primarily operates over DNS traffic.
KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com pleaded guilty to running LeakedSource[.]com
Phishing [T1566]. Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2014-7169. CVE-2014-6278. CVE-2014-6277. CVE-2014-6271. CVE-2014-0160.
Analyzing OilRig’s malware that uses DNS Tunneling. Google is going to block logins from embedded browsers against MitM phishing attacks.
OilRig Description: According to MITRE, OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. Indeed, during group_a, the main observed delivery techniques were Phishing (ref. T1193) and Valid Accounts (ref. T1078). Delivery Technique Over Time.
“These new capabilities represent a significant increase in Necurs’ ability to perpetrate spear phishing, financial crimes and espionage.” Experts pointed out that DGA is a double-edged sword because it allows security researchers to analyze DNS and network traffic to enumerate bots.
Over the last few days, a phishing campaign purporting to come from DHL and entitled “DHL Shipment Notification” has been targeting users worldwide, distributing the Muncy malware. Now, the malware is targeting users worldwide and has been spread via phishing campaigns. The phishing campaign tries to impersonate DHL.
Last DNS activity was in December 2018. Figure 14 – previous DNS of C2. This IP is already known to the scientific community and labeled as malicious. Pierluigi Paganini.
The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related to Ukrainian affairs, since October 2021. Gamaredon has been launching cyber-espionage campaigns on Ukraine since at least 2014. These are the first known mobile malware families linked to the Russian APT.
Cobalt hackers leverage spear-phishing emails to compromise target systems; the messages spoof emails from financial institutions or a financial supplier/partner. The new campaign discovered by Netscout’s ASERT researchers presents a novelty: one of the phishing emails sent by Cobalt contains two separate malicious URLs.
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. The following email accounts were used in various phishing and data stealing operations: along.aalahajirazak.ibrahim@gmail.com administracion@romexpert.es titan.email (.pw
State-sponsored hackers launched spear-phishing attacks using weaponized documents. “Upon reboot, the VBScript performs an HTTP GET request to fetch an encrypted stage from a dynamic DNS domain,” reads the report published by Anomaly.
The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. Silence reduced the use of phishing mail-outs, instead purchasing access to targeted banks from other groups (in particular TA505).
Gamaredon has been active since 2014 and its activity focuses on Ukraine; the group was observed using the multistage backdoor Pteranodon / Pterodo. The group often uses spear-phishing emails and messages (Telegram, WhatsApp, Signal) as an initial attack vector. The cyberspies often use accounts that have been previously compromised.
During that wave, we also observed OilRig leveraging additional compromised email accounts at the same government organization to send spear phishing emails delivering the OopsIE trojan as the payload instead of QUADAGENT.” Pierluigi Paganini.
DNS requests intercepted. OSINT investigations gathered evidence of past abuses of “xtyenvunqaxqzrm.usa.cc” for malicious purposes; for instance, an urlquery report dated 23 August 2018 shows a phishing portal previously reachable at “[link].usa.cc/maeskl”. Phishing page previously hosted on xtyenvunqaxqzrm.usa.cc.
The Cybaze-Yoroi ZLab dissected one of these recent Danabot variants spread across the Italian cyberspace leveraging “Fattura” themed phishing emails (e.g. Technical Analysis.
2002 – Internet Attack — By targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack assaults the entire Internet for an hour. Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation CyberSweep.
Like most APTs, Silence uses phishing emails to infect their victims. Ivoke was detected by Group-IB’s Threat Intelligence team in May 2019, when Silence sent out phishing emails purporting to be from a bank’s client with a request to block a card.
More robust security for Domain Name Systems (DNS). Custodian of the MediLedger Network, Chronicled first started deploying their blockchain platform in 2014 before zeroing in on life sciences in late 2016. Distributed PKI and multi-signature login capabilities. Verifying and logging software updates and downloads. Chronicled.
The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. While the MBR infection has been known since at least 2014, details on the UEFI bootkit were publicly revealed for the first time in our private report on FinSpy.
If so, we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. Pierluigi Paganini.