2015, DNS and Internet - Cyber Security Informer

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks.

Internet

Internet Internet DNS Telecommunications

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. ” reported ZDNet.

Internet

Internet Internet DNS Cyber Attacks

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

Russia successfully disconnected from the internet. Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. One of them is checking the integrity and security of the Internet as a result of external negative influences.”

Internet

Internet Internet DNS Surveillance

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

BIND DNS software includes a security feature that could be abused to cause DoS condition

Security Affairs

AUGUST 9, 2018

The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The “deny-answer-aliases” feature is was implemented to help recursive server operators protect users against DNS rebinding attacks.

DNS

DNS Software Advertising Internet

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.

DNS

DNS Malware Firmware Phishing

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

“ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Experts at SEC Consult pointed out that by intercepting and manipulating internet traffic an attacker can alter the responses for FortiGuard Web Filter, AntiSpam and AntiVirus features.

Encryption

Encryption Antivirus DNS Advertising

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Since Linux is deployed on many IoT (Internet of Things) devices and cloud infrastructures, we are likely to see DDoS (distributed denial-of-system) attacks from botnets that have compromised such devices.

Malware

Malware IoT DDOS DNS

Explained: Domain fronting

Malwarebytes

DECEMBER 1, 2023

The list includes Amazon (banned in 2018), Google (2018), Microsoft (2022), and Cloudflare (2015). For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name. For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name.

DNS

DNS Internet Internet Encryption

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising IoT

Security expert discovered a bug that affects million Kaspersky VPN users

Security Affairs

AUGUST 9, 2018

A security issue exists in Kaspersky VPN <=v1.4.0.216 which leaks your DNS Address even after you’re connected to any virtual server. What is a DNS leaks ? In this context, with the term “DNS leak” we indicate an unencrypted DNS query sent by your system OUTSIDE the established VPN tunnel.

VPN

VPN DNS Advertising Internet

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

The malware was first observed in the threat landscape in 2015, most of the victims were customers of Russian financial institutions. “ Redaman uses an application-defined hook procedure to monitor browser activity, specifically Chrome , Firefox, and Internet Explorer. ” Palo Alto Networks concludes. Pierluigi Paganini.

Banking

Banking Malware Advertising DNS

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

DDoS protection services provider Radware warns the Hoaxcalls Internet of Things (IoT) botnet has expanded the list of targeted devices, the experts also noticed that the operators implemented new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods.

DDOS

DDOS IoT Advertising DNS

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. ” concludes the report.

Phishing

Phishing Accountability Advertising DNS

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

DNS

DNS Advertising Firewall Mobile

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

For example, in 2010 Spamdot and its spam affiliate program Spamit were hacked, and its user database shows Sal and Icamis often accessed the forum from the same Internet address — usually from Cherepovets , an industrial town situated approximately 230 miles north of Moscow. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. DDOS and Flooding – HTTP, DNS, SYN Self-implementation of Slowlaris. Once infected a device, it will be later used as an attacking platform. ” continues the analysis.

DDOS

DDOS DNS Malware Internet

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. “For data gathering, we played the role of a casual attacker with modest resources, scanning the internet for exposed MQTT brokers and CoAP hosts.

IoT

IoT Internet Internet Advertising

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot achieves persistence by modifying the ‘ rc’ files, then connect to command and control (C&C) server and to an internet relay chat (IRC) channel called #HellRoom to register itself and accept commands. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware DDOS DNS Advertising

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

Even a device that is reaching outbound to the internet could be attacked and taken over. “ According to Shodan , there are over 808K SonicWall firewalls connected to the Internet, representing a similar number of networks that these devices defend.” ” reads the report published by Armis Labs. Pierluigi Paganini.

Risk

Risk IoT Firewall DNS

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

NOVEMBER 10, 2018

As such, it does not come as a surprise that people are becoming more and more concerned about their privacy on the Internet – and remaining anonymous is one of the best ways to protect it. A proxy acts as a middleman between you and the Internet. Now and then, we get to hear news about data breaches and cyber attacks.

VPN

VPN Internet Internet Small Business

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). An attacker-controlled router can manipulate how your users resolve DNS hostnames to direct your users to malicious websites.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the security advisory.

DNS

DNS Passwords Authentication Advertising

Netanyahu accuses Iran of cyber attacks carried out daily

Security Affairs

JANUARY 29, 2019

Early January, security experts at FireEye uncovered a DNS hijacking campaign that was targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Telecommunications DNS Advertising

Controversial law entered into effect in Russia this week

Security Affairs

NOVEMBER 3, 2019

This week a controversial law entered into effect in Russia, it would allow the government to cut internet traffic from the global Internet. This week a controversial law entered into effect in Russia, it would allow the Russian government to disconnect the country from the global Internet.

Internet

Internet Internet DNS Government

Zafran Uncovers Widespread WAF Vulnerability at Fortune 1000 Companies

SecureWorld News

DECEMBER 5, 2024

The root of the issue lies in how CDN/WAF providers handle traffic routing and validation: Origin servers fail to restrict access to traffic originating only from approved CDNs, making them directly accessible over the internet. An article by Imperva from 2015 (!!!) Failure to do so may lead to the discovered bypass.

DDOS

DDOS Architecture DNS Internet

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

“To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. A DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost. Pierluigi Paganini. SecurityAffairs – SDUSD , data breach).

IoT

IoT Hacking DNS Authentication

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 217,000 instances, most of them located in the United States, France and Germany.

Passwords

Passwords System Administration Advertising DNS

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate botnet used only subdomains registered at the dynamic DNS provider No-IP to control infected devices. “This will prevent new victims from downloading secondary payloads from the internet. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising DNS Malware Hacking

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Mursch published the list of vulnerable devices released on Pastebi n.

IoT

IoT Wireless Advertising DNS

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

ICANN warns of large-scale attacks on Internet infrastructure

Trending Sources

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

NCSC report warns of DNS Hijacking Attacks

DHS issues emergency Directive to prevent DNS hijacking attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Spying on satellite internet comms with a $300 listening station

Russia is going to disconnect from the internet as part of a planned test

Some Zyxel devices can be hacked via DNS requests

RuNet – Russia successfully concluded tests on its Internet infrastructure

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

BIND DNS software includes a security feature that could be abused to cause DoS condition

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

For nearly a year, Brazilian users have been targeted with router attacks

Some Fortinet products used hardcoded keys and weak encryption for communications

Massive increase in XorDDoS Linux malware in last six months

Explained: Domain fronting

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

FBI warns cyber actors abusing protocols as new DDoS attack vectors

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

TrickBot operators employ Linux variants in attacks after recent takedown

Security expert discovered a bug that affects million Kaspersky VPN users

New Russian Language Malspam is delivering Redaman Banking Malware

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Microsoft July 2020 Security Updates address 123 vulnerabilities

New Ttint IoT botnet exploits two zero-days in Tenda routers

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

FreakOut botnet target 3 recent flaws to compromise Linux devices

M2M protocols can be abused to attack IoT and IIoT systems

Trend Micro observed notable malware activity associated with the Momentum Botnet

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

VPN vs. proxy: which is better to stay anonymous online?

Some models of Comba and D-Link WiFi routers leak admin credentials

Netanyahu accuses Iran of cyber attacks carried out daily

Controversial law entered into effect in Russia this week

Zafran Uncovers Widespread WAF Vulnerability at Fortune 1000 Companies

GALLIUM Threat Group targets global telcos, Microsoft warns

Hacking the Twinkly IoT Christmas lights

Backdoored Webmin versions were available for download for over a year

Previously undetected VictoryGate Botnet already infected 35,000 devices

Dozens of Linksys router models leak data useful for hackers

Stay Connected