2019, DNS, Information Security and Internet

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

Cyber Defense Magazine September 2019 Edition has arrived. In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

DNS

DNS Advertising Firewall Mobile

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Reduce the number of systems that can be reached over internet using SSH. The researchers believe that the Turkey-linked APT Sea Turtle has been active since at least 2017. Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. DNS traffic at Record Low.

DNS

DNS Firewall Phishing Mobile

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

DNS

DNS Antivirus Cryptocurrency Software

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages.

Phishing

Phishing Accountability Advertising DNS

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. .”

IoT

IoT DNS Manufacturing Firmware

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising IoT

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

Even a device that is reaching outbound to the internet could be attacked and taken over. “ According to Shodan , there are over 808K SonicWall firewalls connected to the Internet, representing a similar number of networks that these devices defend.” ” reads the report published by Armis Labs.

Risk

Risk IoT Firewall DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware DNS Advertising

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

on the CVSS scale and affects Windows Server versions 2003 to 2019. Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Engineering Internet

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems.

Architecture

Architecture DDOS Advertising Firmware

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

. “To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” ” The GALLIUM threat actor is active, but its activity was more intense between 2018 and mid-2019. ” continues the analysis.

Telecommunications

Telecommunications DNS Malware Advertising

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot achieves persistence by modifying the ‘ rc’ files, then connect to command and control (C&C) server and to an internet relay chat (IRC) channel called #HellRoom to register itself and accept commands. The C&C servers were live as recently as November 18 2019.” ” concludes the analysis.

Malware

Malware DDOS DNS Advertising

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE. Malspam campaign bypasses secure email gateway using Google Docs.

IoT

IoT Data breaches DNS Advertising

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. News of the day is that Webmin contained a remote code execution vulnerability, tracked as CVE-2019-15107, for more than a year. I'ill share detailed information about my presentation and vulnerabilities very soon!

Passwords

Passwords System Administration Advertising DNS

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. The campaign was uncovered by CrowdStrike by investigating a series of security incidents in multiple countries, the security firm added that the threat actors show an in-depth knowledge of telecommunications network architectures.

Telecommunications

Telecommunications Mobile Hacking Architecture

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

“Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more.

DDOS

DDOS System Administration Advertising DNS

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

In 2019, a Canadian company called Defiant Tech Inc. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat. Umbrella DNS into NetWitness SIEM and Palo Alto Firewall .

DNS

DNS Wireless Malware Firewall

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. As for 2019, it has become the year of covert military operations in cyberspace.

Banking

Banking Telecommunications Marketing Internet

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

In detail, the first wave observed was on February 12th, 2019. All the network traffic on the machine has now been monitored, but no connections to the Internet has been performed. The malware tries to resolve the DNS: sameerd.net. Beforehand, we simulate a fake Internet, and the malicious request was received.

Malware

Malware Phishing DNS Engineering

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

pool party in 2019 might have young Benjamin being advised to look into “AI” – artificial intelligence. But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Germany and the Netherlands agreded to build TEN, the first ever joint military internet. Germany and the Netherlands agreed to build TEN, the first ever joint military internet. Is Your Browser Secure? Heres How to Secure Your Web Browser Against Attacks! Cyber Defense Magazine – July 2019 has arrived.

Scams

Scams Spyware DNS Advertising

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

Cisco Meraki already donated 45 access points (APs), seven MS switches, and two Meraki MX security and SD-WAN appliances to Black Hat, for regional conferences. Another challenge the morning of the Expo Hall opening was that five of the 57MRs inside were not yet connected to the Internet when it opened at 10am. About Black Hat.

Engineering

Engineering Wireless Malware DNS

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

The new ransomware dubbed JCry (extension used to rename encrypted files.jcry ) is part of the OpIsrael 2019 — an annual coordinated cyber attack against the Israeli government and private websites created with the stated goal of “erasing Israel from the Internet” in protest against the Israeli government’s conduct in the Israel-Palestine conflict.

Ransomware

Ransomware Encryption Malware Cyber Attacks

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

The new ransomware dubbed JCry (extension used to rename encrypted files.jcry ) is part of the OpIsrael 2019 — an annual coordinated cyber attack against the Israeli government and private websites created with the stated goal of “erasing Israel from the Internet” in protest against the Israeli government’s conduct in the Israel-Palestine conflict.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Penetration tests can help companies avoid future breaches

SC Magazine

FEBRUARY 4, 2021

A ransomware attack targeted the email systems at Cleveland Hopkins International Airport in April 2019. Comprehensive penetration testing can contribute to the security conversation by suggesting organizations prioritize cybersecurity controls that will offer optimal risk remediation against exploits hackers will attempt.

Penetration Testing

Penetration Testing Social Engineering Authentication Engineering

Cyber Security Informer

NCSC report warns of DNS Hijacking Attacks

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Webinars

Trending Sources

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Webinars

Black Hat USA 2021 Network Operations Center

Glupteba botnet is back after Google disrupted it in December 2021

Russia-linked APT28 has been scanning vulnerable email servers in the last year

For nearly a year, Brazilian users have been targeted with router attacks

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

TrickBot operators employ Linux variants in attacks after recent takedown

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

New Ttint IoT botnet exploits two zero-days in Tenda routers

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Microsoft July 2020 Security Updates address 123 vulnerabilities

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

GALLIUM Threat Group targets global telcos, Microsoft warns

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs newsletter Round 230

Backdoored Webmin versions were available for download for over a year

China-linked LightBasin group accessed calling records from telcos worldwide

Roboto, a new P2P botnet targets Linux Webmin servers

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Black Hat USA 2022 Continued: Innovation in the NOC

Group-IB presents its annual report on global threats to stability in cyberspace

The Muncy malware is on the rise

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Black Hat USA 2023 NOC: Network Assurance

Security Affairs newsletter Round 221 – News of the week

Black Hat USA 2022: Creating Hacker Summer Camp

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Penetration tests can help companies avoid future breaches

Stay Connected