Accountability, DNS, Passwords and Surveillance

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. PASSIVE DNS.

DNS

DNS Internet Internet Government

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Create and enforce a password policy with adequate complexity requirements for specific accounts.

Media

Media Accountability Telecommunications Government

5 pro-freedom technologies that could change the Internet

Malwarebytes

JULY 4, 2022

DNS encryption. DNS encryption plugs a gap that makes it easy to track the websites you visit. The domain name system (DNS) is a distributed address book that lists domain names and their corresponding IP addresses. Passwords are a great idea in theory that fail horribly in practice. It’s ascendancy seems assured.

Internet

Internet Internet Technology DNS

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches

Data breaches Malware Mobile Spyware

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

This RAT allows an attacker to surveil and harvest sensitive data from a target computer. Cracked applications are one of the easiest ways for attackers to get malware onto people’s computers: to elevate their privileges, they only need to ask for the password, which usually arouses no suspicion during software installation.

Banking

Banking Malware Computers and Electronics Mobile

The Zero Click, Zero Day iMessage Attack Against Journalists

SecureWorld News

DECEMBER 23, 2020

Pegasus spyware is a phone surveillance solution that enables customers to remotely exploit and monitor devices. The company sells its surveillance technology to governments around the world. And watchdog groups say its products are often found to be used in surveillance abuses. What can this Pegasus iOS attack do?

Spyware

Spyware Surveillance Hacking Media

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Malware Authentication DNS

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

A week after it landed with a curious (and most likely spurious) thud, Zuckerberg’s announcement about a new tack on consumer privacy still has the feel of an unexpected message from some parallel universe where surveillance (commercial and/or spycraft) isn’t the new normal.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Banking Energy and Utilities Accountability

Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR

Malwarebytes

FEBRUARY 28, 2024

Ongoing surveillance and response The implementation of ThreatDown MDR services on January 18th, 2024, was a strategic move by the MSP to gain deeper insights into the attackers’ movements. Changing all administrative and local passwords three times to fortify security. Detection of malware leveraging RMM tools.

Malware

Malware DNS Surveillance Backups

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

NCSC report warns of DNS Hijacking Attacks. A flaw could have allowed hackers to take over any Instagram account in 10 minutes. Sprint revealed that hackers compromised some customer accounts via Samsung site. Israel surveillance firm NSO group can mine data from major social media.

Small Business

Small Business Media Spyware DNS

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Malwarebytes

MAY 9, 2023

The fourth was the most interesting, because it communicates with a new Dropbox account. First of all, we see a new Dropbox account being used. This Dropbox account will be used to gather exfiltrated victims data. Note that attackers will use one account for reconnaissance and a different one for exfiltration.

Surveillance

Surveillance Accountability DNS Encryption

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

What’s remarkable about these record-breaking attacks is they were carried out via small, innocuous Internet-of-Things (IoT) devices like home routers, air-quality monitors, and personal surveillance cameras. MIRAI was able to infect over 600,000 IoT devices by simply exploiting a set of 64 well-known default IoT login/password combinations.

IoT

IoT DDOS Internet Internet

IT threat evolution Q1 2021

SecureList

MAY 31, 2021

Once the victim has started the program, it changes the DNS settings on the device so that all domains are resolved through the attackers’ servers: this prevents the victim from accessing certain antivirus sites. By obtaining employee credentials, they were able to target specific employees who had access to our account support tools.

Malware

Malware Adware Encryption Architecture

Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Trending Sources

5 pro-freedom technologies that could change the Internet

Security Affairs newsletter Round 418 by Pierluigi Paganini – International edition

IT threat evolution Q1 2024

The Zero Click, Zero Day iMessage Attack Against Journalists

European firm DSIRF behind the attacks with Subzero surveillance malware

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

IT threat evolution Q3 2021

Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR

Security Affairs newsletter Round 223 – News of the week

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

IT threat evolution Q1 2021

Stay Connected