Security Affairs

APRIL 10, 2025

SentinelOnes SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September 2024. DNS records link domains like servicewrap-go[.]com

eCommerce 129

eCommerce Technology DNS Business Services 129

Security Affairs

NOVEMBER 10, 2024

Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia observed the attacks on April 2024 and reported them to Cisco.

Hacking 130

Hacking Internet Internet Government 130

Security Affairs

JANUARY 5, 2025

A high-severity security flaw, tracked as CVE-2024-43405 (CVSS score of 7.4), in the open-source vulnerability scanner ProjectDiscovery’s Nuclei , could allow attackers to bypass signature checks and execute malicious code. Nuclei supports multiple protocols, including HTTP, TCP, DNS, TLS, andCode.

DNS 116

DNS Risk Engineering Hacking 116

Security Affairs

MAY 13, 2025

A Trkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Marbled Dust exploited CVE-2025-27920 after likely stealing credentials via DNS hijacking or typo-squatting.

DNS 86

DNS Telecommunications Architecture Media 86

Security Affairs

FEBRUARY 13, 2025

Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations. They deploy tunneling tools like Chisel and rsockstun for deeper access, using actor-controlled infrastructure to evade detection. This infrastructure technique is versatile, supporting operations globally.

Telecommunications 108

Telecommunications DNS Hacking Passwords 108

Security Affairs

JULY 4, 2024

“Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps, just above the previous record reported by Akamai.” ” reads the post published by OVHcloud.

DDOS 126

DDOS DNS Hacking Internet 126

Security Affairs

DECEMBER 10, 2024

The Ministry of Human Resources and Emiratisation (MoHRE) has announced that December 2 and 3, 2024, will be official paid holidays for all private sector employees in the UAE. Based on available Passive DNS records, Resecurity identified over 144 domain names registered by the actors in the.com,om,site,top and.icu domain zones.

Social Engineering 111

Social Engineering Phishing Banking DNS 111

Security Affairs

APRIL 11, 2024

The flaw affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L, these devices contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

DNS 131

DNS Authentication Hacking Cybersecurity 131

Security Affairs

JUNE 11, 2024

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. The most severe issue is a Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability tracked as CVE-2024-30080 (CVSS score 9.8). MITRE created this CVE on their behalf.

DNS 124

DNS Hacking Information Security 124

Security Affairs

MARCH 21, 2024

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. DNS, NTP, and TFTP) protocols. ” explained the researchers.

DNS 137

DNS Internet Internet Information Security 137

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool. . ” The code used by Msupedge for the DNS tunneling tool is based on the publicly available dnscat2 tool.

DNS 121

DNS Malware Hacking Cybercrime 121

Security Affairs

MARCH 28, 2024

Below are the most severe issues addressed by the company: CVE-2024-20311 (CVSS score 8.6) – A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. CVE-2024-20259 (CVSS score 8.6) – A vulnerability in the DHCP snooping feature of Cisco IOS XE Software.

Software 133

Software Wireless DNS Internet 133

Security Affairs

SEPTEMBER 26, 2024

Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia observed the attacks on April 2024 and reported them to Cisco. reads the report published by Volexity.

Internet 129

Internet Internet DNS Telecommunications 129

Security Affairs

SEPTEMBER 23, 2024

The threat actor used spear-phishing emails and exploited the recently patched GeoServer vulnerability CVE-2024-36401. The vulnerability CVE-2024-36401 (CVSS score of 9.8) The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram.

DNS 140

DNS Government Phishing Telecommunications 140

Security Affairs

JULY 5, 2024

On May, 2024, the researchers detected a suspicious ELF file at /usr/bin/geomi that was uploaded from Russia to VirusTotal. From early to mid-June 2024, the botnet was used to launch DDoS attacks on organizations in Canada, the United States, and Germany.

DDOS 138

DDOS DNS Encryption Malware 138

Security Affairs

APRIL 11, 2024

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. ” reported ZDI.

Malware 136

Malware DNS Software Mobile 136

Security Affairs

APRIL 7, 2024

A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. DNS-327L Version 1.09, Version 1.00.0409.2013 DNS-340L Version 1.08

Internet 110

Internet Internet DNS Hacking 110

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. The recent campaign spanned from October 2023 to April 2024. ” concludes the report.

Malware 130

Malware DNS Authentication Telecommunications 130

Security Affairs

JULY 15, 2024

Experts observed that the Russian cybercrime group FIN7 has been exploiting the vulnerability since April 2023, while Researchers from BlackBerry reported that in June 2024, a threat actor targeted a Latin American airline with the Akira ransomware.

Backups 140

Backups Ransomware Antivirus DNS 140

Security Affairs

SEPTEMBER 27, 2024

. * Canonical, RedHat and… pic.twitter.com/N2d1rm2VeR — Simone Margaritelli (@evilsocket) September 23, 2024 Information about the Linux vulnerability was leaked on GitHub, for this reason, the Italian researcher decided to release the technical details and published a proof-of-concept (PoC) exploit on September 26, 2024.

DNS 120

DNS Advertising Hacking Internet 120

Security Affairs

AUGUST 8, 2024

“With 200 million websites in the world as of August 2024, as many as ~ 100K public websites may be communicating with 0.0.0.0. The researchers shared their findings with web browser development teams in April 2024, and they expect that the issue will be completely addressed. ” continues the report. as target IP.

DNS 124

DNS VPN Hacking Information Security 124

Cisco Security

DECEMBER 22, 2022

Wi-Fi Air Marshal, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. In part two, we are going deep with security: Integrating Security. First Time at Black Hat, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. Integrating Security. Cisco Umbrella : DNS visibility and security.

DNS 101

DNS Malware Accountability Wireless 101

Security Affairs

FEBRUARY 18, 2024

CISA: hackers breached a state government organization Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs US Gov dismantled the Moobot botnet controlled by Russia-linked APT28 A cyberattack halted operations at Varta production plants North Korea-linked actors breached the emails of a Presidential Office member Nation-state (..)

Cybercrime 131

Cybercrime Ransomware Malware Data breaches 131

Security Affairs

JULY 28, 2024

Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections Progress Software fixed (..)

Spyware 123

Spyware Data breaches Cybercrime Banking 123

Security Affairs

DECEMBER 14, 2024

The attacks began in late 2023, coinciding with other industrial system breaches, and continued into mid-2024. The malware remained undetected by VirusTotal antivirus engines as of December 2024. It employs DNS over HTTPS (DoH) to evade network monitoring tools and encrypts configurations with AES-256-CBC. d/S93InitSystemd.sh.

IoT 107

IoT Malware DNS Antivirus 107

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

Cybercrime 118

Cybercrime Telecommunications DNS Technology 118

Security Affairs

DECEMBER 12, 2024

Threat actors have used BoneSpy since at least 2021, while PlainGnome first appeared in 2024. Lookout linked BoneSpy and PlainGnome to Gamaredon due to shared IP infrastructure, domain naming conventions, and the use of dynamic DNS services like ddns[.]net, Gamaredon is still using both families at the time of writing.

Mobile 98

Mobile Malware Surveillance Social Engineering 98

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless 92

Wireless DNS Mobile Technology 92

Cisco Security

DECEMBER 22, 2022

Wi-Fi Air Marshal, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. Cisco is honored to be a Premium Partner of the Black Hat NOC, and is the Official Network Platform, Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider of Black Hat. Threat Hunter / Paris 2024 Olympics SOC: Jérémy Couture.

Engineering 95

Engineering Mobile Malware Wireless 95

Hacker's King

OCTOBER 8, 2024

Cybersecurity involves safeguarding networks, systems, and data from digital attacks, which are often aimed at accessing, stealing, or destroying sensitive information. There are several branches within cybersecurity, including network security, application security, information security, and operational security.

Cybersecurity 52

Cybersecurity Penetration Testing Hacking DNS 52

SecureList

JULY 9, 2024

The problem at hand is easy to put into practical terms: the bulk of the work done by any modern SOC – with the exception of certain specialized SOC types – is detecting, and responding to, information security incidents. However, this list is not sufficient for prioritization.

Engineering 116

Engineering DNS Technology Accountability 116

Security Affairs

APRIL 6, 2025

CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog Russia-linked Gamaredon targets Ukraine with Remcos RAT CoffeeLoader uses a GPU-based packer to evade detection Morphing Meerkat phishing kits exploit DNS MX records CISA warns of RESURGE malware exploiting Ivanti flaw Sams Club Investigates Alleged Cl0p Ransomware (..)

DNS 64

DNS Malware Hacking Data breaches 64

Security Affairs

MAY 11, 2025

CVSS) in IOS XE That Enables Root Exploits via JWT Internet tracking: How and why were followed online Google to pay Texas $1.4 CVSS) in IOS XE That Enables Root Exploits via JWT Internet tracking: How and why were followed online Google to pay Texas $1.4

Spyware 63

Spyware Ransomware Malware DDOS 63

Security Affairs

JANUARY 26, 2025

President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days Subaru Starlink flaw allowed experts to remotely hack cars Two ransomware groups abuse Microsofts Office 365 platform to gain access to target organizations Cloudflare (..)

DDOS 63

DDOS Hacking Penetration Testing Malware 63