2019, Architecture, DNS and Information Security

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. SECURITY CATEGORY (PHISHING).

DNS

DNS Firewall Phishing Mobile

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems.

Architecture

Architecture DDOS Advertising Firmware

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. The campaign was uncovered by CrowdStrike by investigating a series of security incidents in multiple countries, the security firm added that the threat actors show an in-depth knowledge of telecommunications network architectures.

Telecommunications

Telecommunications Mobile Hacking Architecture

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

The payload fetched by the PowerShell targets 64-bit architecture systems, it is a long script consisting of three components: Tater (Hot Potato – privilege escalation) PowerSploit Embedded exploit bundle binary (privilege escalation). Most of the servers are located in China and belong to the infrastructure of the PurpleFox botnet.

Encryption

Encryption DNS Architecture Firewall

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot targets various Linux platforms running upon multiple CPU architectures, including ARM, MIPS, Intel, and Motorola 68020. The C&C servers were live as recently as November 18 2019.” “Smart and connected devices are prone compromise because of limited security settings and protection options. .

Malware

Malware DDOS DNS Advertising

A roadmap for developing a secure enterprise cloud operating model

SC Magazine

JUNE 4, 2021

Today’s columnist, Raj Badhwar of Voya Financial, says to prevent cloud-based breaches like the one that happened to Capital One in 2019, security teams need to develop an enterprise cloud operating model based on a cloud-first approach. Design core cloud security patterns that comply with the policy and standards.

Penetration Testing

Penetration Testing DNS Technology CISO

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

The PortReuse backdoor has a modular architecture, experts discovered that its components are separate processes that communicate through named pipes. “The Winnti Group is still very active in 2019 and continues to target both gaming and other industries. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Mobile Malware Software

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat. Umbrella DNS into NetWitness SIEM and Palo Alto Firewall .

DNS

DNS Wireless Malware Firewall

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. As for 2019, it has become the year of covert military operations in cyberspace.

Banking

Banking Telecommunications Marketing Internet

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Cyber Security Informer

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Black Hat USA 2021 Network Operations Center

Trending Sources

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

China-linked LightBasin group accessed calling records from telcos worldwide

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Trend Micro observed notable malware activity associated with the Momentum Botnet

A roadmap for developing a secure enterprise cloud operating model

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Black Hat USA 2022 Continued: Innovation in the NOC

Group-IB presents its annual report on global threats to stability in cyberspace

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Black Hat USA 2023 NOC: Network Assurance

Stay Connected