2017, Blog, DNS and Internet - Cyber Security Informer

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Microsoft today released updates to address 147 security holes in Windows, Office , Azure ,NET Framework , Visual Studio , SQL Server , DNS Server , Windows Defender , Bitlocker , and Windows Secure Boot. “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

DNS

DNS Social Engineering Malware Media

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Experts at Cisco Talos and other security firms quickly drew parallels between the two mass spam campaigns, pointing to a significant overlap in Russia-based Internet addresses used to send the junk emails. When it was initially set up, it took advantage of two managed DNS servers assigned to it by GoDaddy — ns17.domaincontrol.com,

DNS

DNS Internet Internet Computers and Electronics

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

MARCH 29, 2021

An endpoint DNS solution could have stopped the Trojanized Orion version by refusing to resolve the domain names of the command-and-control servers, again disrupting the infection to the point that no real damage could be done. Every employee’s home network has a different set of security protocols and internet use is unregulated.

Hacking

Hacking DNS Firewall Malware

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of our industry partners, Qihoo360, published a blog post about an early variant of this malware family in 2017. There, CosmicStrand sleeps for 10 minutes and tests the internet connectivity of the infected machine. DNS requests are performed in this fashion, using either Google’s DNS server (8.8.8[.]8)

Firmware

Firmware DNS Malware Technology

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size.

Phishing

Phishing Password Management Passwords Internet

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

The Necurs botnet was not active for a long period at the beginning of 2017 and resumed its activity in April 2017 when it was observed using a new technique to avoid detection. ” reads a blog post published by the firm. ” continues the blog post. “At times, they’ve been known to be inactive for weeks.

DNS

DNS Banking Advertising Ransomware

Abusing cloud services to fly under the radar

Fox IT

JANUARY 12, 2021

These credentials are used in a credential stuffing or password spraying attack against the victim’s remote services, such as webmail or other internet reachable mail services. The earliest and longest lasting intrusion by this threat we observed, was at a company in the semiconductors industry in Europe and started early Q4 2017.

VPN

VPN Accountability Passwords DNS

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

LimeRAT is a powerful Remote Administration Tool publicly available to any internet user, it is an open-source project freely available on Github. Also, the attacker behind this sample leans on the Dynamic DNS service “warzonedns.com”, pointing to the 213.183.58[.10 10 IP address located in Russia. 1986[@gmail[.com”,

Malware

Malware Advertising DNS Antivirus

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. This blog post recounts Mirai’s tale from start to finish. Mirai takedown the Internet.

IoT

IoT DDOS Internet Internet

Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys

LRQA Nettitude Labs

APRIL 16, 2024

Unfortunately, when the PuTTY developers repurposed this DSA implementation for ECDSA in 2017, they made an oversight. via DNS spoofing) to redirect the user to a malicious SSH server would be able to capture signatures in order to exploit this vulnerability if the user ignores the SSH key fingerprint change warning.

Authentication

Authentication DNS Software Encryption

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

According to security firm Gemini Advisory, the Fin7 hacker group stole data on more than five million credit and debit cards that had been used at HBC credit card terminals beginning in May 2017. Evolving threats. vSkimmer malware, a successor to Dexter, dates back to 2013. Errors to avoid.

Retail

Retail Encryption Malware Artificial Intelligence

APT trends report Q1 2021

SecureList

APRIL 27, 2021

Further investigation of the Sunburst backdoor revealed several features that overlap with a previously identified backdoor known as Kazuar , a.NET backdoor first reported in 2017 and tentatively linked to the Turla APT group. In November and December 2020, two public blog posts were published about this campaign.

Malware

Malware Spyware Government Social Engineering

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Government Surveillance Spyware

Cyber Security Informer

April’s Patch Tuesday Brings Record Number of Fixes

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Trending Sources

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Humans are Bad at URLs and Fonts Don’t Matter

Necurs Botnet adopts a new strategy to evade detection

Abusing cloud services to fly under the radar

LimeRAT spreads in the wild

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys

Black Hat USA 2023 NOC: Network Assurance

Point-of-Sale (POS) Security Measures for 2021

APT trends report Q1 2021

APT trends report Q3 2021

Stay Connected