2015, DNS, Encryption and Information Security

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. ” continues the post.

DDOS

DDOS Encryption DNS Advertising

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on.

Encryption

Encryption Antivirus DNS Advertising

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption

Encryption Advertising DNS Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last. Pierluigi Paganini.

Data breaches

Data breaches DNS Advertising Engineering

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

ESET also reported that the APT15 has been using the Ketrican backdoor since 2015, for downloading and uploading files, executing files and shell commands, and sleeping for a configurable time. . Once executed the command the backdoor returns output through DNS. Once executed the command the backdoor returns output through DNS.

DNS

DNS Malware Advertising Manufacturing

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. “MSTIC analysis indicates the use of dynamic DNS providers as opposed to registered domains is in line with GALLIUM’s trend towards low cost and low effort operations.”

Telecommunications

Telecommunications DNS Malware Advertising

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Ransomware: Encryption, Exfiltration, and Extortion. Ransomware perpetrators of the past presented a problem of availability through encryption. Nickels suggests organizations follow this guidance: Also Read: How Zero Trust Security Can Protect Against Ransomware. Detect Focus on encryption Assume exfiltration.

Software

Software Firmware DNS VPN

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last. Pierluigi Paganini.

Data breaches

Data breaches DNS Advertising Engineering

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc. ” reads the analysis. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

Security experts at FireEye Mandiant discovered that the FIN7 hacking group has added new tools to its arsenal, including a new loader and a module that hooks into the legitimate remote administration software used by the ATM maker NCR Corporation. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Identity Theft

Identity Theft Hacking Advertising DNS

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. Adding this information to the block page would increase the transparency and trustworthiness of Telenor Myanmar.

Internet

Internet Internet Telecommunications DNS

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

Pavel explained that attackers could also collect information even when the traffic is encrypted. The analysis of DNS could reveal the user’s Internet browsing history while the analysis of TLS certificates could allow fingerprinting the servers the user connected.

Internet

Internet Internet Advertising Encryption

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). They begun development by introducing crafted communication protocol over DNS and later they added, to such a layer, encoding and encryption self build protocols. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

An encrypted snippet of code, for instance, has high entropy associated. The malware tries to resolve the DNS: sameerd.net. As shown, the DNS has not been resolved. Figure 31: Available ports of the malicious DNS. Figure 3: Passive DNS replication. Pay attention. The.text section is packed and has high entropy.

Malware

Malware Phishing DNS Engineering

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

AUGUST 20, 2019

The Trojan is used during the lateral movement stage and is designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module. Pierluigi Paganini.

Banking

Banking Cybercrime Cybersecurity Advertising

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs

DECEMBER 20, 2019

Initialization of basic malware information. Continuing to analyze the code, we reconstructed the approach used by the attacker to obfuscate the payload: all the necessary information has been encrypted, splitted, and then encoded in Base64 chunks stored into different structures named as “ta” , “t_ep” , “t_eq”.

Malware

Malware DNS Architecture Advertising

Cyber Security Informer

German encrypted email service Tutanota suffers DDoS attacks

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Webinars

New Ttint IoT botnet exploits two zero-days in Tenda routers

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

China-Linked APT15 group is using a previously undocumented backdoor

GALLIUM Threat Group targets global telcos, Microsoft warns

The Biggest Lessons about Vulnerabilities at RSAC 2021

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Roboto, a new P2P botnet targets Linux Webmin servers

FIN7 Hackers group is back with a new loader and a new RAT

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Spying on satellite internet comms with a $300 listening station

OilRig APT group: the evolution of attack techniques over time

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Black Hat USA 2023 NOC: Network Assurance

The Muncy malware is on the rise

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Unveiling JsOutProx: A New Enterprise Grade Implant

Stay Connected