2015, DNS, Encryption and Internet - Cyber Security Informer

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Pierluigi Paganini.

Encryption

Encryption Antivirus DNS Advertising

Explained: Domain fronting

Malwarebytes

DECEMBER 1, 2023

The list includes Amazon (banned in 2018), Google (2018), Microsoft (2022), and Cloudflare (2015). For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name. For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name.

DNS

DNS Internet Internet Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The block page uses the domain “ urlblocked.pw ” registered the 26th of March 2020 with a free Let’s encrypt certificate.

Internet

Internet Internet Telecommunications DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

Here's Why Your Static Website Needs HTTPS

Troy Hunt

JULY 12, 2018

The rapid adoption has been driven by a combination of ever more visible browser warnings (it was Chrome and Firefox's changes which prompted the aforementioned tipping point post), more easily accessible certificates via both Let's Encrypt and Cloudflare and a growing awareness of the risks that unencrypted traffic presents. DNS Hijacking.

DNS

DNS Wireless Risk Banking

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

NOVEMBER 10, 2018

As such, it does not come as a surprise that people are becoming more and more concerned about their privacy on the Internet – and remaining anonymous is one of the best ways to protect it. A proxy acts as a middleman between you and the Internet. Now and then, we get to hear news about data breaches and cyber attacks.

VPN

VPN Internet Internet Small Business

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

“To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” “As the communications are not encrypted, it is simple to Man-in-the-Middle the traffic and analyse the API.” ” reads the analysis published by MWR InfoSecurity.

IoT

IoT Hacking DNS Authentication

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

The new IoT malware borrows code from the Xor.DDoS and Mirai bots, it also implements fresh evasion techniques, for example, the authors have encrypted both the main component and its corresponding Lua script using the ChaCha stream cipher. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Malware

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS System Administration Advertising DNS

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1988 — The Morris Worm — Robert Morris creates what would be known as the first worm on the Internet. 2002 – Internet Attack — By targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack assaults the entire Internet for an hour. An industry expert estimates the attacks resulted in $1.2

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

What is the Automated Certificate Management Environment (ACME) Protocol?

Security Boulevard

AUGUST 12, 2022

The CA will issue challenges (DNS or HTTPS) requiring the agent to take an action that demonstrates control over said domain(s). Back in 2015, when Let’s Encrypt was was just emerging as a certificate-authority force, Josh Aas, the ISRG's executive director said that "Encryption should be the default for the web.

Encryption

Encryption DNS Backups Internet

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Instead, the real IP address of the C2 is obfuscated with what is essentially an encryption algorithm. Experts pointed out that DGA is a double-edged sword because allows security researchers to analyze DNS and network traffic to enumerate bots. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Banking Advertising Ransomware

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

If the infected device isn’t connected to the Internet, the malware waits for a USB device with a specific volume name to be connected, then copies stolen data to that device. Point-to-point encryption: P2PE and tokenization, Miles said, are the one-two punch of an approach to card data security called data devaluation.

Retail

Retail Encryption Malware Artificial Intelligence

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

DeathStalker targets legal entities with new Janicab variant

SecureList

DECEMBER 8, 2022

However, some of the YouTube links observed are unlisted and go back to 2015, indicating a possible infrastructure reuse. In addition, newer Janicab variants have changed significantly in structure compared to older Janicab Windows variants from 2015. Law firms and financial institutions continue to be most affected by Deathstalker.

Malware

Malware DNS Engineering Internet

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

McAfee

SEPTEMBER 14, 2021

The PlugX families we observed used DNS [ T1071.001 ] [ T1071.004 ] as the transport channel for C2 traffic, in particular TXT queries. Another clue that helped us was the use of DNS tunneling by Winnti which we discovered traces of in memory. The hardcoded 208.67.222.222 resolves to a legitimate OpenDNS DNS server.

Malware

Malware DNS Accountability Manufacturing

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem. This way, it inspects all incoming and outgoing internet traffic. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Internet Internet

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

An encrypted snippet of code, for instance, has high entropy associated. All the network traffic on the machine has now been monitored, but no connections to the Internet has been performed. The malware tries to resolve the DNS: sameerd.net. Beforehand, we simulate a fake Internet, and the malicious request was received.

Malware

Malware Phishing DNS Engineering

Abusing cloud services to fly under the radar

Fox IT

JANUARY 12, 2021

These credentials are used in a credential stuffing or password spraying attack against the victim’s remote services, such as webmail or other internet reachable mail services. This specific document described how to access the internet facing company portal and the web-based VPN client into the company network. r = recurse subfolders.

VPN

VPN Accountability Passwords DNS

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

LimeRAT is a powerful Remote Administration Tool publicly available to any internet user, it is an open-source project freely available on Github. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10 10 IP address located in Russia. 1986[@gmail[.com”,

Malware

Malware Advertising DNS Antivirus

APT trends report Q1 2021

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Ferocious Kitten is an APT group that has been active against Persian-speaking individuals since 2015 and appears to be based in Iran.

Malware

Malware Spyware Government Social Engineering

Cyber Security Informer

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Some Fortinet products used hardcoded keys and weak encryption for communications

Webinars

Trending Sources

Explained: Domain fronting

Webinars

Spying on satellite internet comms with a $300 listening station

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

New Ttint IoT botnet exploits two zero-days in Tenda routers

Here's Why Your Static Website Needs HTTPS

FBI warns cyber actors abusing protocols as new DDoS attack vectors

VPN vs. proxy: which is better to stay anonymous online?

GALLIUM Threat Group targets global telcos, Microsoft warns

Hacking the Twinkly IoT Christmas lights

Chalubo, a new IoT botnet emerges in the threat landscape

Top SD-WAN Solutions for Enterprise Security

Roboto, a new P2P botnet targets Linux Webmin servers

Cyber CEO: The History Of Cybercrime, From 1834 To Present

What is the Automated Certificate Management Environment (ACME) Protocol?

Necurs Botnet adopts a new strategy to evade detection

Point-of-Sale (POS) Security Measures for 2021

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

DeathStalker targets legal entities with new Janicab variant

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

Analyzing a Danabot Paylaod that is targeting Italy

Black Hat USA 2023 NOC: Network Assurance

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

The Muncy malware is on the rise

Abusing cloud services to fly under the radar

LimeRAT spreads in the wild

APT trends report Q1 2021

Stay Connected