2019, DNS and Hacking - Cyber Security Informer

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide.

DNS

DNS Firewall DDOS Hacking

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

What Is DNS And Why Should Your Business Care?

Adam Levin

MARCH 21, 2019

Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. Today, less than 20% of DNS traffic is secured by DNSSEC, and only three percent of Fortune 1,000 companies have implemented it.

DNS

DNS Government Internet Internet

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

FEBRUARY 18, 2020

Having said that I found Income Tax Department India and MIT Sloan was also vulnerable to CVE-2019-0604 a remote code execution vulnerability which exists in Microsoft SharePoint. To verify this I’ve sent a crafted payload which enable the remote server (incometaxindia.gov.in) to perform a DNS lookup on my burp collaborator.

DNS

DNS Advertising Government Hacking

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. on the CVSS scale and affects Windows Server versions 2003 to 2019. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS.

DNS

DNS Government Advertising Engineering

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty.

Hacking

Hacking Accountability Data breaches Marketing

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

on the CVSS scale and affects Windows Server versions 2003 to 2019. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server.

DNS

DNS Advertising Malware Hacking

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

MARCH 9, 2021

The IE weakness — CVE-2021-26411 — affects both IE11 and newer EdgeHTML-based versions, and it allows attackers to run a file of their choice by getting you to view a hacked or malicious website in IE. “There is the outside chance this could be wormable between DNS servers,” warned Trend Micro’s Dustin Childs.

DNS

DNS Internet Internet Software

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Security Affairs

JULY 1, 2019

Cyber Defense Magazine July 2019 Edition has arrived. Cyber Defense Magazine July 2019 Edition has arrived. SecurityAffairs – Cyber Defense Magazine, hacking). The post Cyber Defense Magazine – July 2019 has arrived. The post Cyber Defense Magazine – July 2019 has arrived. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Cyber Defense Magazine – August 2019 has arrived. Enjoy it!

Security Affairs

AUGUST 1, 2019

Cyber Defense Magazine August 2019 Edition has arrived. In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

DNS

DNS Advertising Firewall Mobile

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

Cyber Defense Magazine September 2019 Edition has arrived. In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

DNS

DNS Advertising Firewall Mobile

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Running a reverse DNS lookup on this 111.90.149[.]49 Image: Escrow.com.

Phishing

Phishing DNS Social Engineering Accountability

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains. Guilmette told KrebsOnSecurity he initially considered the possibility that GoDaddy had been hacked, or that thousands of the registrar’s customers perhaps had their GoDaddy usernames and passwords stolen.

DNS

DNS Internet Internet Computers and Electronics

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering

Social Engineering Engineering DNS Data breaches

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. ‘FATAL’ ERROR. to for a user named “ fatal.001.”

DNS

DNS Penetration Testing Malware Hacking

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Researchers detected Roaming Mantis-related malware over 6,800 times for more than 950 unique users in the period between February 25 and March 20, 2019. SecurityAffairs – Roaming Mantis, hacking). Pierluigi Paganini.

DNS

DNS Mobile Phishing Malware

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. .” SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Follow me on Twitter: @securityaffairs and Faceboo k and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Sea Turtle) The researchers believe that the Turkey-linked APT Sea Turtle has been active since at least 2017.

Media

Media Accountability Telecommunications Government

How to Hack Dell computers exploiting a flaw in pre-installed Dell SupportAssist

Security Affairs

MAY 2, 2019

The remote code execution flaw, tracked as CVE-2019-3719, affects Dell SupportAssist Client versions prior to version 3.2.0.90. The expert published a video PoC of the hack and the source code of the proof of concept : Pierluigi Paganini. SecurityAffairs – Dell SupportAssist , hacking). Then, when the victim requests [random].dell.com,

Hacking

Hacking Software DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

Researchers believe that at least five different merchants and exchanges were used to fund the Glupteba addresses since 2019. The experts used passive DNS records to uncover Glupteba domains and hosts and analyzed the latest set of TLS certificates used by the bot to figure out the infrastructure used by the attackers.

DNS

DNS Antivirus Cryptocurrency Software

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing

Phishing Accountability Advertising DNS

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications. ” “The actors behind Trickbot, a high profile banking trojan, have recently developed a Linux port of their new DNS command and control tool known as Anchor_DNS.”

DNS

DNS Banking Advertising IoT

New Mirai variant appears in the threat landscape

Security Affairs

MARCH 16, 2021

SecurityAffairs – hacking, Mirai). “The attacks are still ongoing at the time of this writing. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Wireless

Wireless IoT DNS VPN

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE. USBAnywhere BMC flaws expose Supermicro servers to hack. Cyber Defense Magazine – September 2019 has arrived. Some Zyxel devices can be hacked via DNS requests. Twitter temporarily disables feature to tweet via SMS after CEO hack.

IoT

IoT Data breaches DNS Advertising

Flaws in the BlueStacks Android emulator allows remote code execution and more

Security Affairs

JUNE 27, 2019

In April, the researcher Nick Cano discovered that BlueStacks versions prior than v4.90.0.1046 are affected by a DNS rebinding vulnerability that allowed attackers to gain access to the emulator’s IPC functions. BlueStacks addressed the flaw with the release 4.90.0.1046 available since May 27th, 2019.

DNS

DNS Backups Advertising Authentication

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS

DNS Advertising Spyware Software

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems. SecurityAffairs – hacking, Pink botnet). Pierluigi Paganini.

Architecture

Architecture DDOS Advertising Firmware

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. SecurityAffairs – hacking, cyber security). Pierluigi Paganini.

Telecommunications

Telecommunications Mobile Hacking Architecture

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. SecurityAffairs – hacking, ransomware). Several groups of experts linked both TrickBot and Ryuk threats to cybercrime gangs operating out of Russia. .

Healthcare

Healthcare Ransomware Cybercrime DNS

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

on the CVSS scale and affects Windows Server versions 2003 to 2019. Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Engineering Internet

Hackers Alter Cobalt Strike Beacon to Target Linux Environments

eSecurity Planet

SEPTEMBER 17, 2021

A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks. Cobalt Strike Beacon Linux enables emulation of advanced attacks to a network over HTTP, HTTPS, or DNS. A New Variant of Cobalt Strike.

DNS

DNS Malware Software Security Awareness

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.

Cybercrime

Cybercrime DNS Malware Advertising

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. link] — bk (Ben K) (@bkMSFT) December 12, 2019. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

According to Dragos, the Hexane group has been active since at least the middle of 2018, it intensified its activity since early 2019 with an escalation of tensions within the Middle East. The malware uses DNS and HTTP-based communication mechanisms. Experts pointed out that Lyceum does not use sophisticated hacking techniques.

DNS

DNS Penetration Testing Passwords Social Engineering

Security Affairs newsletter Round 209 – News of the week

Security Affairs

APRIL 14, 2019

DNS hijacking campaigns target Gmail, Netflix, and PayPal users. Adobe Patch Tuesday updates for April 2019 address 43 flaws in its products. Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack. SAP April 2019 Security Patch Day addresses High severity flaws in Crystal Reports, NetWeaver. Kindle Edition.

Data breaches

Data breaches DNS Advertising Surveillance

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

FEBRUARY 8, 2022

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Starting from April 2019, the campaign started using a new landing page to target iOS devices in the attempt to trick victims into installing a malicious iOS mobile configuration. SecurityAffairs – hacking, Roaming Mantis).

Phishing

Phishing DNS Malware Hacking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

The attacks share some similarities with other campaigns targeting Colombian entities, in particular a campaign detailed in February 2019, by QiAnXin. The threat actors also used dynamic DNS services to manage a pool of 70 different domain names (and also register new ones on a regular basis) that are dynamically assigned to IP addresses.

Malware

Malware Surveillance Phishing Government

Security Affairs newsletter Round 196 – News of the week

Security Affairs

JANUARY 13, 2019

Dark Overlord hacking crew publishes first batch of confidential 9/11 files. Australian Early Warning Network hacked and used to send fake alerts. Nine 2019 Cybersecurity Predictions. Tens of thousands of hot tubs are exposed to hack. First Google security patches for Android in 2019 fix a critical flaw.

DNS

DNS Advertising Manufacturing Hacking

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Trending Sources

What Is DNS And Why Should Your Business Care?

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

NCSC report warns of DNS Hijacking Attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Microsoft Patch Tuesday, March 2021 Edition

DHS issues emergency Directive to prevent DNS hijacking attacks

Cyber Defense Magazine – July 2019 has arrived. Enjoy it!

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Cyber Defense Magazine – August 2019 has arrived. Enjoy it!

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

French Firms Rocked by Kasbah Hacker?

Recent Roaming Mantis campaign hit hundreds of users worldwide

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

How to Hack Dell computers exploiting a flaw in pre-installed Dell SupportAssist

New Ttint IoT botnet exploits two zero-days in Tenda routers

Glupteba botnet is back after Google disrupted it in December 2021

Russia-linked APT28 has been scanning vulnerable email servers in the last year

TrickBot operators employ Linux variants in attacks after recent takedown

New Mirai variant appears in the threat landscape

Security Affairs newsletter Round 230

Flaws in the BlueStacks Android emulator allows remote code execution and more

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

China-linked LightBasin group accessed calling records from telcos worldwide

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Microsoft July 2020 Security Updates address 123 vulnerabilities

Hackers Alter Cobalt Strike Beacon to Target Linux Environments

Chinese-speaking cybercrime gang Rocke changes tactics

For nearly a year, Brazilian users have been targeted with router attacks

GALLIUM Threat Group targets global telcos, Microsoft warns

Lyceum APT made the headlines with attacks in Middle East

Security Affairs newsletter Round 209 – News of the week

Roaming Mantis SMSishing campaign now targets Europe

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs newsletter Round 196 – News of the week

Stay Connected