2018, Accountability, DNS and Social Engineering

2018

Accountability

DNS

Social Engineering

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Running a reverse DNS lookup on this 111.90.149[.]49 Image: Escrow.com.

Phishing

Phishing DNS Social Engineering Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

According to Dragos, the Hexane group has been active since at least the middle of 2018, it intensified its activity since early 2019 with an escalation of tensions within the Middle East. Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals.

DNS

DNS Passwords Penetration Testing Social Engineering

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. Other interesting function is “j2aYhH”: Figure 8 – Accounts and emails stealing. This function searches for all email accounts registered on victim machine.

Malware

Malware DNS Social Engineering Advertising

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Fifteen years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including #cybersecurity. — Jack Daniel (@jack_daniel) October 10, 2018. jaysonstreet) March 3, 2018.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

We reported about the first variant of such software back in 2018, but there were many other samples to be found, which was later reported by the US CISA (Cybersecurity and Infrastructure Security Agency) in 2021. This lets them mount high-quality social engineering attacks that look like totally normal interactions.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

In November 2021, an unauthorized third party called a Robinhood customer support employee and, through social engineering , gained access to the company’s customer support systems. Between 2016 and 2018, the malware strain SamSam made brute force RDP attacks an integral part of its attacks on several public organizations.

VPN

VPN Software Authentication Encryption

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Recent UEFI attacks include a 2015 attack on a Ukrainian power grid and a 2018 attack where threat actors used a UEFI rootkit to drop additional malware in an extended episode. With initial access to a gateway, hackers can move laterally to an on-premises server, leading them to the internal DNS and Active Directory.

Software

Software Firmware DNS VPN

Coercing NTLM Authentication from SCCM

Security Boulevard

APRIL 13, 2022

This can be done using a low-privileged account on any Windows SCCM client. Client push installation accounts require local admin privileges to install software on systems in an SCCM site, so it is often possible to relay the credentials and execute actions in the context of a local admin on other SCCM clients in the site. Background.

Authentication

Authentication Accountability Penetration Testing Software

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

The attackers are mainly interested in collecting data on user accounts, IP addresses and session information; and they steal configuration files from programs that work directly with cryptocurrency and may contain account credentials. Since 2018, we have been tracking Roaming Mantis – a threat actor that targets Android devices.

Phishing

Phishing Spyware Firmware Malware

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Government Surveillance Spyware

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

Don’t share user accounts with others on your team. Many of the attack tactics involved elements of social engineering–persuasion tactics that take advantage of human psychology to trick victims into taking actions that have aided the adversaries. Lock down domain registrar and DNS settings. government.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

They hack into their teacher’s account and leave messages making fun of him. Air Force research facility, discover a password “sniffer” has been installed onto their network, compromising more than 100 user accounts. banks using the Zeus Trojan virus to crack open bank accounts and divert money to Eastern Europe.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Cyber Security Informer

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Trending Sources

Lyceum APT made the headlines with attacks in Middle East

Webinars

The return of the AdvisorsBot malware

Top Cybersecurity Accounts to Follow on Twitter

The BlueNoroff cryptocurrency hunt is still on

Addressing Remote Desktop Attacks and Security

The Biggest Lessons about Vulnerabilities at RSAC 2021

Coercing NTLM Authentication from SCCM

IT threat evolution Q1 2022

APT trends report Q3 2021

Cybersecurity Checklist for Political Campaigns

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Stay Connected