2019, DNS, Encryption and VPN - Cyber Security Informer

2019

DNS

Encryption

VPN

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS. That changed on Jan.

DNS

DNS Internet Internet Government

Does Your Domain Have a Registry Lock?

Krebs on Security

JANUARY 24, 2020

On December 23, 2019, unknown attackers began contacting customer support people at OpenProvider , a popular domain name registrar based in The Netherlands. 23, 2019, the e-hawk.net domain was transferred to a reseller account within OpenProvider. ” Dijkxhoorn shared records obtained from OpenProvider showing that on Dec.

DNS

DNS Social Engineering Engineering Accountability

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

” The GALLIUM threat actor is active, but its activity was more intense between 2018 and mid-2019. link] — bk (Ben K) (@bkMSFT) December 12, 2019. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. ” continues the analysis.

Telecommunications

Telecommunications DNS Malware Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Abusing cloud services to fly under the radar

Fox IT

JANUARY 12, 2021

NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020. After obtaining a valid account, they use this account to access the victim’s VPN, Citrix or another remote service that allows access to the network of the victim.

VPN

VPN Accountability Passwords DNS

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

By exploiting weak server vulnerabilities, the Iran-based hackers were able to gain access, move laterally, encrypt IT systems, and demand ransom payment. For the generation of remote work and operations, Check Point Remote Access VPN offers central management and policy administration for controlling access to corporate networks.

VPN

VPN Software Authentication Encryption

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Ransomware: Encryption, Exfiltration, and Extortion. Ransomware perpetrators of the past presented a problem of availability through encryption. Detect Focus on encryption Assume exfiltration. Whether it’s a VPN , firewall , or remote access server, unauthorized entry via network gateways is a problem.

Software

Software Firmware DNS VPN

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

McAfee

SEPTEMBER 14, 2021

The PlugX families we observed used DNS [ T1071.001 ] [ T1071.004 ] as the transport channel for C2 traffic, in particular TXT queries. Another clue that helped us was the use of DNS tunneling by Winnti which we discovered traces of in memory. The hardcoded 208.67.222.222 resolves to a legitimate OpenDNS DNS server. 180.50.*.*.

Malware

Malware DNS Accountability Manufacturing

How much does access to corporate infrastructure cost?

SecureList

JUNE 15, 2022

Complex attacks almost invariably feature several phases, such as reconnaissance, initial access to the infrastructure, gaining access to target systems and/or privileges, and the actual malicious acts (data theft, destruction or encryption, etc.). Request for access to corporate VPN. Access type: VPN. Access type: VPN.

VPN

VPN Accountability Ransomware Encryption

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Trickbot module descriptions

SecureList

OCTOBER 19, 2021

Downloaded modules are encrypted, and can be decrypted with the Python script below. However, in early 2019 an updated module was released. It retrieves the DNS names of all the directory trees in the local computer’s forest. This module contains the encrypted embedded module RwDrv.sys. permaDll32.

Banking

Banking Passwords VPN Internet

APT trends report Q1 2021

SecureList

APRIL 27, 2021

One of the suspected FinFly Web servers was active for more than a year between October 2019 and December 2020. We investigated a long-running espionage campaign, dubbed A41APT, targeting multiple industries, including the Japanese manufacturing industry and its overseas bases, which has been active since March 2019.

Malware

Malware Spyware Government Social Engineering

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Does Your Domain Have a Registry Lock?

Webinars

Trending Sources

GALLIUM Threat Group targets global telcos, Microsoft warns

Webinars

Abusing cloud services to fly under the radar

Addressing Remote Desktop Attacks and Security

The Biggest Lessons about Vulnerabilities at RSAC 2021

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

How much does access to corporate infrastructure cost?

Black Hat USA 2023 NOC: Network Assurance

Trickbot module descriptions

APT trends report Q1 2021

Stay Connected