2020, DNS and Internet - Cyber Security Informer

Threat Trends: DNS Security, Part 1

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS

DNS Phishing Ransomware Internet

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

September 23, 2020. Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. They still remain blocked.

Internet

Internet Internet DNS Advertising

Threat Trends: DNS Security

Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS

DNS Phishing Ransomware Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

Microsoft July 2020 addressed 123 security flaws across 13 products, including a 17-year-old wormable issue for hijacking Microsoft Windows Server dubbed SigRed. Microsoft July 2020 addressed 123 security vulnerabilities impacting 13 products, none of them has been observed being exploited in attacks in the wild.

DNS

DNS Advertising Engineering Internet

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

DNS

DNS Backups System Administration Software

Sunburst: connecting the dots in the DNS requests

SecureList

DECEMBER 18, 2020

On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes. avsvmcloud[.]com”

DNS

DNS Telecommunications Malware Encryption

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. In April 2020, Telenor complied with the directive and blocked ALL sites on the block list. Original post at: [link].

Internet

Internet Internet Telecommunications DNS

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

MARCH 28, 2019

The author of Mirai used a sledgehammer to kill a fly: the DDoS bombardment was so large that it also wiped out Dyn , a UK-based internet performance vendor. The Spamhaus attacker, for instance, noticed that there were literally millions of domain name system (DNS) resolvers that remained wide open all over the internet.

DDOS

DDOS IoT DNS Internet

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

The site’s true WHOIS registration records have always been hidden by privacy protection services, but there are plenty of clues in historical Domain Name System (DNS) records for WorldWiredLabs that point in the same direction. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com

DNS

DNS Cybercrime Passwords Accountability

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking

Hacking Social Engineering Phishing Scams

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Cryptocurrency Internet Internet

Domain Age as an Internet Filter Criteria

McAfee

FEBRUARY 17, 2021

Use of “domain age” is a feature being promoted by various firewall and web security vendors as a method to protect users and systems from accessing malicious internet destinations. The sites and domains of the internet are constantly changing and evolving. The concept is to use domain age as a generic traffic filtering parameter.

Internet

Internet Internet DNS Risk

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

There is no indication these are the real names of the phishers, but the names are useful in pointing to other sites targeting Privnote since 2020. Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.]com A search at DomainTools.com for privatenote[.]io com , privatemessage[.]net

Phishing

Phishing Cryptocurrency DDOS Internet

Does Your Domain Have a Registry Lock?

Krebs on Security

JANUARY 24, 2020

13, 2020, which was the date the fraudsters got around to changing the domain name system (DNS) settings for e-hawk.net. That alert was triggered by systems E-HAWK had previously built in-house that continually monitor their stable of domains for any DNS changes.

DNS

DNS Social Engineering Engineering Accountability

DNSpooq bugs haunt dnsmasq

Malwarebytes

JANUARY 21, 2021

The vulnerabilities disclosed by the JSOF team have been listed as CVE-2020-25687 , CVE-2020-25683 , CVE-2020-25682 , CVE-2020-25684 , CVE-2020-25685 , CVE-2020-25686 and CVE-2020-25681. Basically, you could say DNS is the phonebook of the internet. What is DNS cache poisoning?

DNS

DNS Software Internet Internet

A Reactive Cybersecurity Strategy Is No Strategy at All

CyberSecurity Insiders

MAY 18, 2022

In 2020, the SolarWinds supply chain attack opened backdoors into thousands of organizations (including government agencies) that used its services, while late last year, the far-reaching Log4J exploit exploded onto the scene. So why aren’t more organizations taking advantage of protective DNS? The issue likely comes down to awareness.

DNS

DNS Cybersecurity CISO Social Engineering

A First Look at Python in Excel

NetSpi Technical

OCTOBER 19, 2023

As these are pointing at localhost, it is very likely this is being used as a way to prevent outbound internet access. Moving on, lets see if we can get outbound internet access. It looks like there is no route out from the container to the Internet. Let’s try DNS. Let’s see if we can connect to that and grab the HTML.

DNS

DNS Internet Internet Phishing

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

FEBRUARY 19, 2024

Among the vulnerabilities is CVE-2024-21412 , an Internet Shortcut Files flaw that allows an unauthenticated attacker to send a malicious file to a user. It bypasses Internet Shortcut Files’ security measures. The vulnerability, CVE-2020-3259 , was first discovered in May 2020.

VPN

VPN DNS Ransomware Software

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

NOVEMBER 15, 2021

The attack was launched by a Mirai botnet variant composed of 15,000 bots, it combined DNS amplification attacks and UDP floods. The botnet included Internet of Things (IoT) devices and GitLab instances. “This was a multi-vector attack combining DNS amplification attacks and UDP floods. Pierluigi Paganini.

DDOS

DDOS DNS IoT Internet

Decoy dog toolkit plays the long game with Pupy RAT

Malwarebytes

APRIL 25, 2023

From there, further research identified a DNS signature not related to Pupy components. Infoblox claims that this unique DNS signature for Decoy Dog “ matches less than 0.0000027% of the 370 million active domains on the internet ” Pupy itself has been seen in numerous nation state attacks and other serious compromises.

DNS

DNS Mobile Malware Internet

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Malwarebytes

JUNE 30, 2022

The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat actor behind it. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. DNS hijacking. SOHO routers.

DNS

DNS Malware Small Business Firmware

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Reduce the number of systems that can be reached over internet using SSH. The researchers believe that the Turkey-linked APT Sea Turtle has been active since at least 2017. Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

MARCH 29, 2021

An endpoint DNS solution could have stopped the Trojanized Orion version by refusing to resolve the domain names of the command-and-control servers, again disrupting the infection to the point that no real damage could be done. Every employee’s home network has a different set of security protocols and internet use is unregulated.

Hacking

Hacking DNS Firewall Malware

Future Focused: Encryption and Visibility Can Co-Exist

Cisco Security

MARCH 16, 2021

Hiding internet activity strengthens privacy—but also makes it easier for bad actors to infiltrate the network. The European Union is concerned enough that it drafted a resolution in November 2020 to ban end-to-end encryption, prompting outcry from privacy advocates. Keeping your destination private: DNS over HTTPS.

Encryption

Encryption DNS Threat Detection Internet

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands. CVE-2020-7961 – Java unmarshalling flaw via JSONWS in Liferay Portal (in versions prior to 7.2.1 CE GA2) (disclosed on March 20, 2020). ” continues the analysis.

DDOS

DDOS DNS Malware Internet

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. I’d been doxed via DNS. ” What was the subdomain I X’d out of his message?

Hacking

Hacking Cybercrime DNS Antivirus

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. — NordVPN (@NordVPN) October 23, 2020 Ah, tricky! Been a lot of "victim blaming" going on these last few days. — Bartek ?wierczy?ski

Phishing

Phishing Password Management Passwords Internet

Most Organizations Do DMARC Wrong. Here’s How to Do It Right.

eSecurity Planet

AUGUST 8, 2022

The signature-based email authentication technique called DKIM merges the specifications for domain keys and identified-internet-mail specifications. A public key is stored with the Domain Name System (DNS) for download by any email server receiving emails with the encrypted digital signature. DMARC Implementation and Fees.

DNS

DNS Phishing Authentication Marketing

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

There, CosmicStrand sleeps for 10 minutes and tests the internet connectivity of the infected machine. DNS requests are performed in this fashion, using either Google’s DNS server (8.8.8[.]8) 2020-05-03. 2020-05-03. 2020-07-25. 2020-07-25. 2020-03-09. 2020-07-25. 2020-03-09.

Firmware

Firmware DNS Malware Technology

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware DNS Advertising

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

2019 that wasn’t discovered until April 2020. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. . “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

Researcher’s audacious hack demonstrates new type of supply-chain attack

Malwarebytes

FEBRUARY 11, 2021

They will look for dependencies locally, on the computer where a project resides, and they will check the package manager’s public, Internet-accessible, directory. Getting the information to his own server from deep inside well-protected corporate networks posed yet another problem which was solved by using DNS exfiltration.

Hacking

Hacking DNS Unstructured Data Social Engineering

NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections

The Last Watchdog

JULY 1, 2019

NormShield found that all of the 2020 presidential hopefuls, thus far, are making sure their campaigns are current on software patching, as well as Domain Name System (DNS) security; and several are doing much more. Our goal is to help organizations create more secure ecoystems to support a free and fair election processes.

Cyber Risk

Cyber Risk DNS Phishing Backups

Non-profit pledges $1 million to offer free ransomware protection for private hospitals

SC Magazine

FEBRUARY 17, 2021

A nurse cares for a coronavirus COVID-19 patient in the intensive care unit at Regional Medical Center on May 21, 2020 in San Jose, California. To implement it, hospitals must simply direct their DNS domains toward specially made IP addresses set up by Akamai, where the center can then implement its domain blocking policies.

Ransomware

Ransomware Healthcare DNS Media

Security Affairs newsletter Round 328

Security Affairs

AUGUST 22, 2021

million customers Adobe addresses two critical vulnerabilities in Photoshop Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Kalay cloud platform flaw exposes millions of IoT devices to hack Fortinet FortiWeb OS Command Injection allows takeover servers remotely 1.9

Data breaches

Data breaches Mobile Ransomware DNS

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. In 2020, Grichishkin was arrested outside of Russia on a warrant for providing bulletproof hosting services to cybercriminal gangs.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Security Affairs

MARCH 4, 2020

The NetBlocks internet observatory, which tracks disruptions and shutdowns, revealed that Iran has blocked access to the Farsi (Persian) language edition of the Wikipedia online encyclopedia since March 2nd, 2020. All other language editions were available in the country, except the Hebrew that was blocked in the past.

Government

Government DNS Advertising Media

Cyberattacks threaten big losses and PR crises for financial services firms

SC Magazine

JUNE 9, 2021

million, financial services firms are laser-focused on cloud vulnerabilities, attacks against internet-of-things devices and other prevalent threats. . The report is based on a survey of 814 senior-level IT executives in the financial services industry in October and November 2020. With data breaches causing an average loss of $4.2

Financial Services

Financial Services Data breaches DNS Phishing

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

JULY 1, 2022

According to Lumen’s Black Lotus Labs, this sophisticated campaign “has been active in North America and Europe for nearly two years beginning in October 2020.”. The attacks include ZuoRAT, a multi-stage remote access Trojan (RAT) that specifically exploits known vulnerabilities in SOHO routers to hijack DNS and HTTP traffic.

Malware

Malware DNS Antivirus Internet

A Guide to Increasing Your Email Security and Deliverability: DKIM

Approachable Cyber Threats

OCTOBER 28, 2020

This means that while you will create a new DNS record, similar to SPF, you will also have to generate “keys” for your DKIM process to work correctly. BIG NOTE: A major part of DKIM is that the “private key” will need to be placed on your email server, while the “public key” will go in your DNS record.

DNS

DNS Marketing Risk Encryption

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BitSight researchers found significant overlap in the Internet addresses used by those domains and a domain called BHproxies[.]com. Before that, the resume says he was operations manager of TikTok’s Middle East and North Africa region for approximately seven months ending in April 2020. million from private investors.

Accountability

Accountability Advertising Marketing Malware

A Guide to Increasing Your Email Security and Deliverability: SPF

Approachable Cyber Threats

OCTOBER 27, 2020

Luckily you can start to make a difference right now by implementing some changes to your DNS records. So for example, if you registered your website “www.mycompany.com” with GoDaddy, you would edit your DNS record on GoDaddy. Now that you have your list, head to your DNS provider and add a new entry. www.hivesystems.io).

DNS

DNS Marketing Risk Internet

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

Threat Trends: DNS Security, Part 1

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Webinars

Trending Sources

Threat Trends: DNS Security

Webinars

Microsoft July 2020 Security Updates address 123 vulnerabilities

‘Wormable’ Flaw Leads July Microsoft Patches

Sunburst: connecting the dots in the DNS requests

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

Who’s Behind the NetWire Remote Access Trojan?

Spying on satellite internet comms with a $300 listening station

When Low-Tech Hacks Cause High-Impact Breaches

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Domain Age as an Internet Filter Criteria

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Does Your Domain Have a Registry Lock?

DNSpooq bugs haunt dnsmasq

A Reactive Cybersecurity Strategy Is No Strategy at All

A First Look at Python in Excel

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Decoy dog toolkit plays the long game with Pupy RAT

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Future Focused: Encryption and Visibility Can Co-Exist

FreakOut botnet target 3 recent flaws to compromise Linux devices

No, I Did Not Hack Your MS Exchange Server

Humans are Bad at URLs and Fonts Don’t Matter

Most Organizations Do DMARC Wrong. Here’s How to Do It Right.

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

New Ttint IoT botnet exploits two zero-days in Tenda routers

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Researcher’s audacious hack demonstrates new type of supply-chain attack

NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections

Non-profit pledges $1 million to offer free ransomware protection for private hospitals

Security Affairs newsletter Round 328

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Cyberattacks threaten big losses and PR crises for financial services firms

Highly Sophisticated Malware Attacks Home and Small Office Routers

A Guide to Increasing Your Email Security and Deliverability: DKIM

Who’s Behind the Botnet-Based Service BHProxies?

A Guide to Increasing Your Email Security and Deliverability: SPF

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Stay Connected