Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. SecurityAffairs – hacking, botnet).

DNS 128

DNS Cryptocurrency Internet Internet 128

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Ryuk first appeared in the threat landscape in August 2018 as a derivative of the Hermes 2.1 SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Healthcare 143

Healthcare Ransomware Cybercrime Advertising 143

Security Affairs

NOVEMBER 26, 2019

The flaw discovered by SEC Consult Vulnerability Lab researchers has been tracked as CVE-2018-9195, the experts also published a proof-of-concept (PoC) code to trigger it. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on.

Encryption 114

Encryption Antivirus DNS Advertising 114

Security Affairs

MARCH 17, 2022

The attack chain against the routers starts with brute-force attacks or by exploiting the CVE-2018-14847 flaw that allows reading a file that contains passwords. SecurityAffairs – hacking, RouterOS Scanner). The post Microsoft releases open-source tool for checking MikroTik Routers compromise appeared first on Security Affairs.

Malware 121

Malware DNS Passwords Ransomware 121

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. SecurityAffairs – hacking, InvisiMole). ” reads the advisory published by CERT-UA.

Spyware 84

Spyware DNS Phishing Government 84

Security Affairs

JUNE 27, 2021

Later the experts discovered that Crackonosh was also able to disable antivirus software from other major security vendors to avoid detection, including Windows Defender and Windows Update. The full list of IoCs: Avast IoC repository The list of URLs obtaining TXT DNS records: network.txt The list of common file names: filenames.txt.

Antivirus 109

Antivirus Cryptocurrency Malware Software 109

Security Affairs

MAY 2, 2021

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Mac OS zero-day).

Password Management 57

Password Management DNS Ransomware Malware 57

Security Affairs

JUNE 4, 2020

.” According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain. ???????????? Coincheck uses Amazon’s managed DNS service, the attackers first registered a fake domain to the AWS server and replaced the legitimate awsdns-61.org NS ????????????

Accountability 94

Accountability Phishing DNS Cryptocurrency 94

Security Affairs

FEBRUARY 14, 2021

The administrators always claimed the exclusivity of their offer that is based on “self-hacked bases.”. The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cybercrime 97

Cybercrime Backups Hacking DNS 97

Security Affairs

NOVEMBER 9, 2020

Security experts from Palo Alto Networks have spotted two never-before-detected Powershell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor tracked as xHunt , aka Hive0081, which was first discovered in 2018. <C2 domain>. .”

DNS 113

DNS Accountability Government Cyber Attacks 113

Security Affairs

FEBRUARY 8, 2022

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Since then, the criminal group has continued its attack activities by using various malware families such as HEUR:Trojan-Dropper.AndroidOS.Wroba, and various attack methods such as phishing, mining, smishing and DNS poisoning.

Phishing 86

Phishing DNS Malware Hacking 86

Security Affairs

JUNE 18, 2020

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. The downloader communicates with C2 servers using DNS tunneling. SecurityAffairs – hacking, InvisiMole).

DNS 81

DNS Advertising Spyware Software 81

Security Affairs

MAY 15, 2023

“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018.” The intelligence-gathering campaign started in mid-2022 and is likely still ongoing. ” reads the analysis published by Symantec.

Encryption 82

Encryption DNS Phishing Malware 82

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud. .

Cybercrime 64

Cybercrime DNS Malware Advertising 64

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. ” The GALLIUM threat actor is active, but its activity was more intense between 2018 and mid-2019. . SecurityAffairs – GALLIUM, hacking). ” continues the analysis.

Telecommunications 66

Telecommunications DNS Malware Advertising 66

Security Affairs

AUGUST 27, 2019

Security experts at Dragos Inc. According to Dragos, the Hexane group has been active since at least the middle of 2018, it intensified its activity since early 2019 with an escalation of tensions within the Middle East. The malware uses DNS and HTTP-based communication mechanisms. SecurityAffairs – Lyceum, hacking).

DNS 81

DNS Passwords Penetration Testing Social Engineering 81

Security Affairs

JULY 23, 2019

Attackers also noticed that systems infected with the above two families were also targeted with the RoyalDNS malware that uses DNS to communicate with the C&C server. Once executed the command the backdoor returns output through DNS. SecurityAffairs – APT15, hacking). Pierluigi Paganini.

DNS 86

DNS Malware Advertising Manufacturing 86

Security Affairs

OCTOBER 12, 2019

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic. SecurityAffairs – FIN7, hacking).

Identity Theft 75

Identity Theft Hacking Advertising DNS 75

Security Affairs

JANUARY 14, 2021

The operations described by QiAnXin are attributed to an APT group active since at least April 2018. The threat actors also used dynamic DNS services to manage a pool of 70 different domain names (and also register new ones on a regular basis) that are dynamically assigned to IP addresses. SecurityAffairs – hacking, Operation Spalax).

Malware 109

Malware Surveillance Phishing Government 109

Security Affairs

FEBRUARY 16, 2019

According to the “The National Digital Economy Program” bill submitted to Parliament in 2018, Russian Internet service providers (ISPs) should ensure operations even if nation-state actors carry out cyber attacks to isolate Russia from the Internet. ” reported ZDNet.

Internet 88

Internet Internet DNS Cyber Attacks 88

Security Affairs

JULY 15, 2020

Trustwave SpiderLabs has not yet been able to obtain a copy of this file and is requesting assistance from our readers to contact us at goldenspy@trustwave.com if they have information on this file or a sample for us to analyze.” ” Experts speculate GoldenHelper was active from January 2018 until July 2019.

Software 82

Software Malware Banking Advertising 82

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. Over the period from 2009 to 2018, the threat actor defaced over 130 web pages. SecurityAffairs – hacking, Operation Lyrebird). Original post at [link]. Pierluigi Paganini.

Cybercrime 95

Cybercrime Phishing Banking Telecommunications 95

Security Affairs

AUGUST 7, 2019

group_b : from August 2017 to January 2018 3. group_c : from January 2018 to February 2018 4. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). I am a computer security scientist with an intensive hacking background.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

Security Affairs

AUGUST 20, 2019

Prior to April 2018, Silence’s target interests were primarily limited to 25 post-Soviet states and neighboring countries. Since the report “Silence: Moving into the darkside” was released in September 2018, Group-IB’s Threat Intelligence team has detected at least 16 new campaigns targeting banks launched by Silence.

Banking 56

Banking Cybercrime Cybersecurity Advertising 56

Security Affairs

MAY 13, 2019

Yoroi Cyber Security Annual Report 2018 – In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. Download the Yoroi Cyber Security Report 2018. SecurityAffairs – Yoroi Cyber Security Annual Report, malware).

Malware 79

Malware Advertising DNS Surveillance 79

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. jaysonstreet) March 3, 2018.

Accountability 134

Accountability Cybersecurity Penetration Testing InfoSec 134

Security Affairs

AUGUST 6, 2019

Few weeks ago, Unit42 discovered another active campaign , compatible with the Roma225 one we tracked on December 2018, pointing to some interesting changes into the attackers TTPs. Since December 2018, we are following the tracks of this ambiguous cyber criminal group, internally referenced as TH-173. Conclusion. Pierluigi Paganini.

Malware 64

Malware Advertising DNS Education 64

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace.

Banking 86

Banking Telecommunications Marketing Internet 86

Security Affairs

JULY 7, 2019

Is Your Browser Secure? Heres How to Secure Your Web Browser Against Attacks! Vulnerability in Medtronic insulin pumps allow hacking devices. Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH).

Scams 48

Scams Spyware DNS Advertising 48

Security Affairs

DECEMBER 7, 2023

The 2018 hack of the Institute for Statecraft, a UK think tank engaged in initiatives to safeguard democracy against disinformation. Once notified, the DNS provider took action to mitigate actor-controlled domains abusing their service. The theft of UK-US trade documents leaked before the 2019 General Election.

DNS 92

DNS Government Accountability Phishing 92

Security Affairs

JULY 19, 2020

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 273 appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

DNS 78

DNS Advertising Surveillance Malware 78

Lenny Zeltser

MAY 3, 2019

Enable security options according to your provider’s recommendations (e.g., the G Suite security checklist ). Lock down domain registrar and DNS settings. Tighten your domain configuration. Place websites behind a reputable cloud or plugin-based web application firewall (WAF). For background details, review these sources.

Cybersecurity 111

Cybersecurity Social Engineering Authentication Software 111