2019, DNS, Information Security and Phishing

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

This requires a robust connection to the Internet (Lumen and Gigamon), firewall protection (Palo Alto Networks), segmented wireless network (Commscope Ruckus) and network full packet capture & forensics and SIEM (RSA NetWitness); with Cisco providing cloud-based security and intelligence support. SECURITY CATEGORY (PHISHING).

DNS

DNS Firewall Phishing Mobile

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Accountability Advertising DNS

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

FEBRUARY 8, 2022

The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. The latest wave of attacks aimed at spreading phishing links via SMS messages (SMiShing), most of the victims were users in Russia, Japan, India, Bangladesh, Kazakhstan, Azerbaijan, Iran, and Vietnam.

Phishing

Phishing DNS Malware Hacking

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security Affairs

JANUARY 14, 2021

The attacks share some similarities with other campaigns targeting Colombian entities, in particular a campaign detailed in February 2019, by QiAnXin. Some of the phishing emails from the current campaign were sent from IP addresses corresponding to a range that belongs to Powerhouse Management, a VPN service. Pierluigi Paganini.

Malware

Malware Surveillance Phishing Government

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

This year, security experts at Avast have blocked more than 4.6 The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. Most recently, Netflix became a popular domain for DNS hijackers.”

DNS

DNS Passwords Advertising Banking

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE. Malspam campaign bypasses secure email gateway using Google Docs.

IoT

IoT Data breaches DNS Advertising

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to the security firm Keepnet Labs that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches

Data breaches DNS Advertising Engineering

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

group_d : from March 2019 to August 2019 The evaluation process would take care of the following Techniques: Delivery , Exploit , Install and Command. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). group_a : from 2016 to August 2017 2.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

In 2019, a Canadian company called Defiant Tech Inc. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

AUGUST 20, 2019

In 2019 alone, Silence has infected workstations in more than 30 countries across Europe, Latin America, Africa, and Asia. Like most APTs, Silence uses phishing emails to infect their victims. The Trojanwas allegedly used in the attack on the Russian IT Bank in February 2019. Within the sound of Silence.

Banking

Banking Cybercrime Cybersecurity Advertising

Black Hat USA 2022 Continued: Innovation in the NOC

Cisco Security

AUGUST 29, 2022

25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat. Umbrella DNS into NetWitness SIEM and Palo Alto Firewall .

DNS

DNS Wireless Malware Firewall

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Street @jaysonstreet.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. As for 2019, it has become the year of covert military operations in cyberspace.

Banking

Banking Telecommunications Marketing Internet

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The phishing campaign trying to impersonate DHL.

Malware

Malware Phishing DNS Engineering

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). The following map shows the countries where we detected Tomiris targets (colored in green: Afghanistan and CIS members or ratifiers).

Malware

Malware DNS Government Software

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

As of now, the information security industry is at the outset of implementing SBOM for software products. Significant gateway vulnerabilities include MS Exchange’s ProxyLogon, SonicWall’s Pulse VPN flaw in 2019, and an SQL injection vulnerability in early 2021. Also Read: How to Prevent DNS Attacks.

Software

Software Firmware DNS VPN

UK and US expose Russia Callisto Group’s activity and sanction members

Security Affairs

DECEMBER 7, 2023

The UK National Cyber Security Centre (NCSC) and Microsoft reported that the Russia-linked APT group Callisto Group is targeting organizations worldwide. The nation-state actor is carrying out spear-phishing attacks for cyberespionage purposes. The theft of UK-US trade documents leaked before the 2019 General Election.

DNS

DNS Government Accountability Phishing

Penetration tests can help companies avoid future breaches

SC Magazine

FEBRUARY 4, 2021

A ransomware attack targeted the email systems at Cleveland Hopkins International Airport in April 2019. Comprehensive penetration testing can contribute to the security conversation by suggesting organizations prioritize cybersecurity controls that will offer optimal risk remediation against exploits hackers will attempt.

Penetration Testing

Penetration Testing Social Engineering Authentication Engineering

Cyber Security Informer

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

NCSC report warns of DNS Hijacking Attacks

Trending Sources

Black Hat USA 2021 Network Operations Center

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Roaming Mantis SMSishing campaign now targets Europe

Operation Spalax, an ongoing malware campaign targeting Colombian entities

For nearly a year, Brazilian users have been targeted with router attacks

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs newsletter Round 230

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

OilRig APT group: the evolution of attack techniques over time

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Black Hat USA 2022 Continued: Innovation in the NOC

Top Cybersecurity Accounts to Follow on Twitter

Group-IB presents its annual report on global threats to stability in cyberspace

The Muncy malware is on the rise

Tomiris called, they want their Turla malware back

The Biggest Lessons about Vulnerabilities at RSAC 2021

UK and US expose Russia Callisto Group’s activity and sanction members

Penetration tests can help companies avoid future breaches

Stay Connected