Krebs on Security

MARCH 2, 2020

HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers. ‘FATAL’ ERROR.

DNS 259

DNS Penetration Testing Malware Hacking 259

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. ” reads a blog post published by Avast. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS 72

DNS Passwords Advertising Banking 72

Security Affairs

SEPTEMBER 8, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE. Cyber Defense Magazine – September 2019 has arrived. Once again thank you!

IoT 74

IoT Data breaches DNS Advertising 74

Security Affairs

AUGUST 7, 2019

group_d : from March 2019 to August 2019 The evaluation process would take care of the following Techniques: Delivery , Exploit , Install and Command. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). group_a : from 2016 to August 2017 2.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

Cisco Security

MAY 12, 2022

Gamaredon often leverages malicious office files, distributed through spear phishing as the first stage of their attacks. Creation dates are going back as early as February 2019 and have a changing pattern for the registrant email. 02/2019-06/2020. Therefore, DNS and outgoing web traffic is crucial for its detection.

Malware 104

Malware DNS DDOS Phishing 104

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. 25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. If there is a specific DNS attack that threatened the conference, we supported Black Hat in blocking it to protect the network.

DNS 75

DNS Wireless Malware Firewall 75

SecureList

FEBRUARY 7, 2022

We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones. Roaming Mantis dabbles in mining and phishing multilingually. Link from smishing message redirects to Wroba or phishing page. Roaming Mantis, part III.

Phishing 86

Phishing DNS Mobile Malware 86

eSecurity Planet

DECEMBER 3, 2021

lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. — Jason Haddix (@Jhaddix) July 27, 2019.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

SecureList

MAY 27, 2022

Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. The phishing kit market.

Phishing 110

Phishing Spyware Firmware Malware 110

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Tomiris (Golang implant) Backdoor Golang Described in our original blog post. Some samples contain traces of Russian language.

Malware 96

Malware DNS Government Software 96

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The phishing campaign trying to impersonate DHL.

Malware 77

Malware Phishing DNS Engineering 77

SecureList

APRIL 27, 2022

On March 1, ESET published a blog post related to wipers used in Ukraine and to the ongoing conflict: in addition to HermeticWiper, this post introduced IsaacWiper, used to target specific machines previously compromised with another remote administration tool named RemCom, commonly used by attackers for lateral movement within compromised networks.

Malware 135

Malware Firmware Government Phishing 135

SecureList

JUNE 15, 2022

Phishing attacks on employees. Revenue: 8kk+$ (information is current as of 2019). There is access data to 2-3 domains of that network, the total number is 3-4, I don’t know exactly, see the screenshot below for DNS servers! Blackmailer blog: auction price of stolen data. Blackmailer blog: active auction.

VPN 97

VPN Accountability Ransomware Encryption 97