Security Affairs

MARCH 4, 2020

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. A bug in Let’s Encrypt’s certificate authority (CA) software, dubbed Boulder, caused the correct validation for some certificates.

Encryption 108

Encryption Advertising DNS Software 108

Security Affairs

JANUARY 29, 2023

Copycat Criminals mimicking Lockbit gang in northern Europe Sandworm APT targets Ukraine with new SwiftSlicer wiper ISC fixed high-severity flaws in DNS software suite BIND Patch management is crucial to protect Exchange servers, Microsoft warns Hacker accused of having stolen personal data of all Austrians and more CVE-2023-23560 flaw exposes 100 (..)

DNS 85

DNS Data breaches Hacking Backups 85

Security Affairs

AUGUST 31, 2022

Once executed, the malware makes unique DNS connections, experts determined that the binary was leveraging a DNS data exfiltration technique by sending unique DNS queries to a target C2 DNS server. “This technique works by sending an encrypted string appended to the DNS query set as a subdomain.

Malware 82

Malware DNS Antivirus Encryption 82

Security Affairs

NOVEMBER 5, 2021

Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. The ransomware module encrypts the files in the victim’s server and appends a file extension.babyk to the encrypted files.”

Ransomware 125

Ransomware Backups Encryption DNS 125

Security Affairs

SEPTEMBER 22, 2021

For the specific DNS-based MITM attack used above, the attacker must race DNS queries from the Circle update daemon. Other MitM attacks that do not rely on DNS manipulation will also allow an attacker to exploit this vulnerability.” SecurityAffairs – hacking, SOHO). ” concludes the report. Pierluigi Paganini.

DNS 128

DNS Firmware VPN Risk 128

Malwarebytes

JANUARY 22, 2024

In December 2023, the US charged two Russians believed to be members of this group, for their role in a campaign that hacked government accounts. These lure documents, which are harmless PDF files, are sent to the target, but when they open them the content appears to be encrypted.

Social Engineering 91

Social Engineering Government Media DNS 91

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). SecurityAffairs – hacking, newsletter). To nominate, please visit:?. Pierluigi Paganini.

Ransomware 114

Ransomware DNS Cybercrime Hacking 114

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. SecurityAffairs – hacking, Ttint botnet). This botnet does not seem to be a very typical player.” Pierluigi Paganini.

IoT 138

IoT Firmware DNS Advertising 138

Security Affairs

FEBRUARY 18, 2024

Datacenter Proxies: Choosing the Right Option CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog Canada Gov plans to ban the Flipper Zero to curb car thefts ExpressVPN leaked DNS requests due to a bug in the split tunneling feature 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data US (..)

Cybercrime 96

Cybercrime Ransomware Malware Data breaches 96

Security Affairs

SEPTEMBER 25, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 385 appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here. gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3

Cryptocurrency 83

Cryptocurrency Data breaches DNS DDOS 83

Security Affairs

JANUARY 20, 2022

Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”

Ransomware 109

Ransomware Banking Malware Encryption 109

Security Affairs

JANUARY 2, 2023

The malicious binary performs the following actions: Get system information; Reads the following files: /etc/passwd. Exfiltrate the collected data via encrypted DNS queries to the domain *.h4ck[.]cfd, cfd, using the DNS server wheezy[.]io. SecurityAffairs – hacking, PyPI). The first 1,000 files in $HOME/*.

DNS 85

DNS Encryption Hacking Information Security 85

Security Affairs

AUGUST 18, 2021

The Diavol ransomware was compiled with Microsoft Visual C/C++ Compiler, it uses user-mode Asynchronous Procedure Calls (APCs) without symmetric encryption algorithm for encryption, which has worse performance compared to symmetric algorithms. Anchor DNS ), except for the username field. SecurityAffairs – hacking, cybercrime).

Ransomware 100

Ransomware DNS Cybercrime Malware 100

Security Affairs

MAY 15, 2023

Merdoor is a fully-featured backdoor that supports multiple capabilities, including installing itself as a service, keylogging, a variety of methods to communicate with its command-and-control (C&C) server (HTTP, HTTPS, DNS, UDP, TCP), and the ability to listen on a local port for commands.

Encryption 82

Encryption DNS Phishing Malware 82

Security Affairs

NOVEMBER 19, 2020

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.” Pierluigi Paganini.

Ransomware 113

Ransomware DNS Encryption Hacking 113

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

NOVEMBER 9, 2020

“The Snugy backdoor uses a DNS tunneling channel to run commands on the compromised server. The threat actor would log into the same legitimate email account and create an email draft with a subject of “555,” which includes the command in an encrypted and base64 encoded format. SecurityAffairs – hacking, Microsoft Exchange).

DNS 112

DNS Accountability Government Cyber Attacks 112

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine. Pierluigi Paganini.

DNS 80

DNS Advertising Spyware Software 80

Security Affairs

JUNE 20, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Spyware 70

Spyware DNS Surveillance Ransomware 70

Security Affairs

AUGUST 29, 2023

The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. The attackers attempted to verify outbound network connectivity with a ping command and executed host commands for a subnet-wide DNS lookup. Network-segmentation controls blocked this activity too.

VPN 103

VPN Ransomware DNS Malware 103

Security Affairs

FEBRUARY 12, 2024

ExpressVPN addressed a bug in the split tunneling feature that exposed the domains visited by the users to configured DNS servers. The expert noticed that the DNS queries were sent to the DNS server configured on the computer. No other VPN protections, such as encryption, were affected.” ” reads the advisory.

DNS 112

DNS VPN Encryption Internet 112

Security Affairs

OCTOBER 20, 2021

“However, instead of sending it in cleartext, the client deploys a symmetric AES encryption for any communication over the WebSocket for the first exchange, as no shared secret is established yet, and the AES encryption will generate a default key for this first exchange. SecurityAffairs – hacking, PurpleFox botnet).

Encryption 88

Encryption DNS Architecture Firewall 88

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points. SecurityAffairs – GALLIUM, hacking).

Telecommunications 66

Telecommunications DNS Malware Advertising 66

Security Affairs

OCTOBER 22, 2021

xyz” TLD that are randomly generated and that stored in an encrypted form inside the binary. Upon contacting the C2, the rootkit will select a random domain from the list, each such domain having several DNS A records. SecurityAffairs – hacking, cyber security). Follow me on Twitter: @securityaffairs and Facebook.

Malware 109

Malware DNS Internet Internet 109

Daniel Miessler

SEPTEMBER 27, 2020

They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. Super Hackers Trying to Hack You. This is true.

VPN 326

VPN Risk Hacking Encryption 326

Security Affairs

JULY 11, 2022

Operators can easily make this configuration through an interface that uses the CloudFlare API for configuring new DNS zones. As observed, criminals are using the Let’s Encrypt CA to create valid HTTPs certificates. SecurityAffairs – hacking, Anubis). The ANUBIS network phishing campaigns are masked through the Cloudflare CDN.

Phishing 100

Phishing Social Engineering Banking Engineering 100

Security Affairs

JULY 23, 2019

Attackers also noticed that systems infected with the above two families were also targeted with the RoyalDNS malware that uses DNS to communicate with the C&C server. Once executed the command the backdoor returns output through DNS. SecurityAffairs – APT15, hacking). Pierluigi Paganini.

DNS 86

DNS Malware Advertising Manufacturing 86

Security Affairs

OCTOBER 12, 2019

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic. SecurityAffairs – FIN7, hacking).

Identity Theft 75

Identity Theft Hacking Advertising DNS 75

eSecurity Planet

JUNE 21, 2022

Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on. GSEC is intended for anyone new to cyber security who has some background in information systems and networks.

Cybersecurity 120

Cybersecurity Penetration Testing System Administration Cyber Attacks 120

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches 99

Data breaches DNS Advertising Engineering 99

Security Affairs

AUGUST 10, 2020

The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception. Pavel explained that attackers could also collect information even when the traffic is encrypted. SecurityAffairs – hacking, satellite).

Internet 92

Internet Internet Advertising Encryption 92

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. Adding this information to the block page would increase the transparency and trustworthiness of Telenor Myanmar.

Internet 74

Internet Internet Telecommunications DNS 74

Security Affairs

MARCH 22, 2020

. “On March 16th I have found an unprotected and thus publicly available Elasticsearch instance which appeared to be managed by a UK-based security company, according to the SSL certificate and reverse DNS records.” ” wrote Security Discovery’s researcher Bob Diachenko. Adobe, Last.

Data breaches 60

Data breaches DNS Advertising Engineering 60

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc.

DDOS 80

DDOS System Administration Advertising DNS 80

Security Affairs

AUGUST 7, 2019

T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). They begun development by introducing crafted communication protocol over DNS and later they added, to such a layer, encoding and encryption self build protocols.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

Security Affairs

AUGUST 20, 2019

The Trojan is used during the lateral movement stage and is designed to control compromised systems by performing tasks through the command shell and tunneling traffic using the DNS protocol. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module. APT, hacking).

Banking 56

Banking Cybercrime Cybersecurity Advertising 56

Security Affairs

FEBRUARY 5, 2021

The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malicious code also leverages other techniques to avoid detection, for example it modifies the system DNS resolvers and uses Google’s public DNS servers to bypass DNS monitoring tools.

Malware 110

Malware DNS Cryptocurrency Internet 110