2015, DNS, Hacking and Malware - Cyber Security Informer

Analyzing OilRig’s malware that uses DNS Tunneling

Security Affairs

APRIL 18, 2019

Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals.

DNS

DNS Malware Advertising Hacking

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Malware Advertising DDOS

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Malware Hacking

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking

Hacking Malware Advertising DNS

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks , in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Passwords

Passwords DNS Malware Advertising

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

FIN7 is back with a previously unseen SQLRat malware

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis.

Malware

Malware Identity Theft Cybercrime Hacking

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings. In 2015, Chinese hackers redirected the hijacked ShadesDaddy.com to a site selling counterfeit merchandise. ” Hacking campaigns exploiting poor domain name security can be more subtle. . What Can Be Done?

Hacking

Hacking Retail Cyber Insurance Authentication

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. SecurityAffairs – hacking, Tutanota).

DDOS

DDOS Encryption DNS Advertising

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers. Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. ” reads the analysis published by the experts.

DNS

DNS Malware Firmware Phishing

GoldenHelper, a new malware delivered via Chinese tax software

Security Affairs

JULY 15, 2020

Security researchers discovered another malware family delivered through tax software that some businesses operating in China are required to install. Security researchers at Trustwave have discovered another malware family delivered through tax software that Chinese banks require companies operating in the country to install.

Software

Software Malware Banking Advertising

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service. The analysis of the configuration file of malware allowed the identification of the intended target. SecurityAffairs – Winnti, hacking).

DNS

DNS Malware Advertising Software

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

Security Affairs

APRIL 24, 2019

Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. ” reads the analysis published by Talos. ” continues the experts.

Malware

Malware DNS Advertising Hacking

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising DNS

Security Affairs newsletter Round 273

Security Affairs

JULY 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Advertising Surveillance Malware

Nigerian Tesla: 419 scammer gone malware distributor unmasked

Malwarebytes

MAY 5, 2022

The technique is really simple as it only requires an email account that sends messages to itself containing stolen credentials for each victim that executed the malware on their computer. We have records indicating that several Adobe fake pages were deployed from 2015 until recently. Test successful! ” from the same machine.

Malware

Malware Scams Phishing Accountability

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

According to a new report published by researchers from security firm Netscout , TrickBot’s operators have started to use a new variant of their malware in an attempt to Linux systems and expand the list of its targets. “Often delivered as part of a zip, this malware is a lightweight Linux backdoor. Pierluigi Paganini.

DNS

DNS Banking Advertising IoT

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 3 – Piece of VBS script that starts malware infection. DLL Analysis.

Malware

Malware DNS Social Engineering Advertising

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang.

DNS

DNS Mobile Phishing Malware

Prevent Data Breaches from Hitting Your College Campus

SiteLock

AUGUST 27, 2021

In 2015, the education sector was among the top three sectors breached , behind healthcare and retail. Some of the most common attacks cybercriminals use to breach higher education institutions are hacking, malware and DDoS attacks. Hacking Your College Campus. Expelling Malware from School.

Data breaches

Data breaches DDOS Education Malware

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS DNS Advertising

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

Hundreds of Microsoft sub-domains open to hijacking

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS

DNS Phishing Advertising Malware

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. SecurityAffairs – hacking, Internet).

Internet

Internet Internet DNS Advertising

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Security Affairs

JUNE 16, 2020

A remote attacker could exploit the flaw by sending specially crafted IP packets or DNS requests to the vulnerable devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Ripple20, hacking). ” concludes the report. Pierluigi Paganini.

Hacking

Hacking IoT Advertising DNS

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Cyber Defense Magazine November 2020 ). Click here to check out or media kit and market with us, today. email: marketing@cyberdefensemagazine.com.

InfoSec

InfoSec DNS Advertising Marketing

Security Affairs - Untitled Article

Security Affairs

JULY 17, 2019

Threat actors used the Extembro DNS- changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS- changer Trojan to prevent users from accessing websites of security vendors. ” concludes the analysis.

Adware

Adware DNS Malware Advertising

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Security Affairs

JANUARY 19, 2019

“This malware is a lure Excel document with name ‘???????.xlsm’. The final stage malware is a backdoor written in C#. According to the analysis made by malware researchers from Palo Alto Networks, the text file includes parts of a Windows Script Component (.SCT) The final stage malware is a backdoor written in C#.

DNS

DNS Penetration Testing Malware Advertising

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

Security Affairs

SEPTEMBER 14, 2018

The OilRig hacker group has been around since at least 2015, since then it targeted mainly organizations in the financial and government sectors, in the United States and Middle Eastern countries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Security Affairs – OilRig APT, hacking ).

DNS

DNS Phishing Government Malware

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

“Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

The attackers demonstrated an increasing level of sophistication across the years, they used custom-malware and various exploits in their attacks. “Second, we identified a previously undocumented malware family with strong links to the Ke3chang group – a backdoor we named Okrum. ” reads the report published by ESET.

DNS

DNS Malware Advertising Manufacturing

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. Experts pointed out that GALLIUM threat actors were using common versions of malware and publicly available tools with a few changes to evade detection. ” continues the analysis.

Telecommunications

Telecommunications DNS Malware Advertising

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The group has been observed using new tactics, techniques, and procedures (TTPs), it is also using updated malware to evade detection. “the actor moved away from hosting the scripts on dedicated servers and instead started to use Domain Name System (DNS) text records. Pierluigi Paganini.

Cybercrime

Cybercrime DNS Malware Advertising

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Ttint botnet).

IoT

IoT Firmware DNS Advertising

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, DoS). Two vulnerabilities can allow authenticated attackers with local access to the target devices to execute arbitrary code. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Software

Software DNS Wireless Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages. SecurityAffairs – APT28, hacking).

Phishing

Phishing Accountability Advertising DNS

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS

DNS Passwords Advertising Banking

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” The threat actors carried out spearphishing attacks using weaponized Excel attachments to deliver the DanBot malware. Pierluigi Paganini.

DNS

DNS Passwords Penetration Testing Social Engineering

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Healthcare

Healthcare Ransomware Cybercrime Advertising

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. Brute Force – using hard coded credentials With this list, the malware tries connecting to other network devices using Telnet. SecurityAffairs – hacking, FreakOut botnet).

DDOS

DDOS DNS Malware Internet

Analyzing OilRig’s malware that uses DNS Tunneling

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Webinars

Trending Sources

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Webinars

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Hackers use hackers spreading tainted hacking tools in long-running campaign

Linksys force password reset to prevent Router hijacking

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

FIN7 is back with a previously unseen SQLRat malware

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

German encrypted email service Tutanota suffers DDoS attacks

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

GoldenHelper, a new malware delivered via Chinese tax software

China-linked Winnti APT targets South Korean Gaming firm

OilRig APT uses Karkoff malware along with DNSpionage in recent attacks

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs newsletter Round 273

Nigerian Tesla: 419 scammer gone malware distributor unmasked

TrickBot operators employ Linux variants in attacks after recent takedown

The return of the AdvisorsBot malware

Recent Roaming Mantis campaign hit hundreds of users worldwide

Prevent Data Breaches from Hitting Your College Campus

Trend Micro observed notable malware activity associated with the Momentum Botnet

The Muncy malware is on the rise

Hundreds of Microsoft sub-domains open to hijacking

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs - Untitled Article

DarkHydrus adds Google Drive support to its RogueRobin Trojan

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

Microsoft July 2020 Security Updates address 123 vulnerabilities

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

China-Linked APT15 group is using a previously undocumented backdoor

GALLIUM Threat Group targets global telcos, Microsoft warns

Chinese-speaking cybercrime gang Rocke changes tactics

New Ttint IoT botnet exploits two zero-days in Tenda routers

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Russia-linked APT28 has been scanning vulnerable email servers in the last year

For nearly a year, Brazilian users have been targeted with router attacks

Lyceum APT made the headlines with attacks in Middle East

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

FreakOut botnet target 3 recent flaws to compromise Linux devices

Stay Connected