DNS, Hacking and Information Security - Cyber Security Informer

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.

DNS

DNS Malware Firmware Authentication

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. By July 2023 kits could dynamically load phishing pages based on DNS MX records.

DNS

DNS Phishing Banking Hacking

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” and its allies for hacking activities in July.

Hacking

Hacking Internet Internet Government

Palo Alto Networks fixed a high-severity PAN-OS flaw

Security Affairs

DECEMBER 27, 2024

“A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. The vulnerability can be exploited only if DNS Security logging is enabled.

DNS

DNS Firewall Spyware Software

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Security Affairs

JANUARY 3, 2025

. “SafeBreach Labs developed a proof of concept exploit for CVE-2024-49113 that crashes any unpatched Windows Server (not just DCs) with no pre-requisites except that the DNS server of the victim DC has Internet connectivity.” ” states the report published by SafeBreach.

DNS

DNS Internet Internet Hacking

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 6, 2024

The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views.py “getresetstatus in dns/views.py “getresetstatus in dns/views.py The vulnerability was exploited in a large-scale hacking campaign that targeted more than 22,000 CyberPanel instances. and ftp/views.py. and ftp/views.py

DNS

DNS Authentication Ransomware Hacking

TsuNAME flaw exposes DNS servers to DDoS attacks

Security Affairs

MAY 9, 2021

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named TsuNAME, in some DNS resolvers. queries/s).” queries/s).”

DNS

DNS DDOS Hacking Information Security

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. “In short, B1txor20 is a Backdoor for the Linux platform, which uses DNS Tunnel technology to build C2 communication channels. In this way, Bot and C2 achieve communication with the help of DNS protocol.”

DNS

DNS Malware Technology Encryption

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. ” concludes the report.

DNS

DNS Firewall DDOS Hacking

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

BIND updates fix four high-severity DoS bugs in the DNS software suite

Security Affairs

JULY 26, 2024

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. In BIND 9 versions 9.18.1 S1 through 9.18.27-S1,

DNS

DNS Software Internet Internet

A DNS flaw impacts a library used by millions of IoT devices

Security Affairs

MAY 3, 2022

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. ” continues the advisory.

DNS

DNS IoT Hacking Cybersecurity

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. reads the analysis published by CheckPoint. ” states Krebs.

DNS

DNS Government Advertising Engineering

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Security Affairs

FEBRUARY 12, 2024

ExpressVPN addressed a bug in the split tunneling feature that exposed the domains visited by the users to configured DNS servers. The expert noticed that the DNS queries were sent to the DNS server configured on the computer. Anyway, disabling the split tunneling feature will prevent the leak of the DNS requests.

DNS

DNS VPN Encryption Internet

Flaws in the BIND software expose DNS servers to attacks

Security Affairs

MAY 1, 2021

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, BIND). Follow me on Twitter: @securityaffairs and Facebook.

DNS

DNS Software Internet Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. “In January 2019 the NCSC published an alert to highlight a large-scale global campaign to hijack Domain Name Systems (DNS).”

DNS

DNS Social Engineering Accountability Advertising

ISC fixed high-severity flaws in the BIND DNS software

Security Affairs

SEPTEMBER 25, 2022

The Internet Systems Consortium (ISC) fixed six remotely exploitable vulnerabilities in the BIND DNS software. The Internet Systems Consortium (ISC) this week released security patches to address six remotely exploitable vulnerabilities in BIND DNS software. SecurityAffairs – hacking, BIND DNS).

DNS

DNS Software Internet Internet

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software

Security Affairs

AUGUST 20, 2021

The Internet Systems Consortium (ISC) addressed a high-severity denial-of-service (DoS) flaw (CVE-2021-25218) affecting the BIND DNS software. The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218 , that affects its BIND DNS software.

DNS

DNS Internet Internet Software

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

JULY 14, 2020

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS. An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server. Non-Microsoft DNS Servers are not affected.”

DNS

DNS Advertising Hacking Malware

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,DoS)

Authentication

Authentication System Administration DNS Hacking

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Security Affairs

MAY 13, 2025

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors. . ” reads the report published by Microsoft.

DNS

DNS Telecommunications Architecture Media

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Security Affairs

APRIL 10, 2025

DNS records link domains like servicewrap-go[.]com ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,spam) All versions analyzed used the same Telegram token and chat ID. The researchers noticed that the spam domains rotate frequently to evade detection.

eCommerce

eCommerce Technology DNS Business Services

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking

Hacking Malware Advertising DNS

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

Security Affairs

MARCH 12, 2025

Microsoft Patch Tuesday security updates for March 2025 addressed 56 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure,NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server. Six vulnerabilities are rated Critical, and 50 are rated Important in severity.

DNS

DNS Hacking Information Security

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

The flaw affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325. The flaw impacts the following devices: DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013 DNS-325 Version 1.01 DNS-327L Version 1.09, Version 1.00.0409.2013 DNS-340L Version 1.08

Internet

Internet Internet DNS Hacking

ISC fixed high-severity flaws in DNS software suite BIND

Security Affairs

JANUARY 28, 2023

BIND is a suite of software for interacting with the Domain Name System (DNS) maintained by the Internet Systems Consortium (ISC). The ISC released security patches to address multiple high-severity denial-of-service DoS vulnerabilities in the DNS software suite. Then ‘named’ may exit due to a lack of free memory.

DNS

DNS Software Hacking Internet

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

They also updated the OceanMap stealer to exfiltrate browser credentials and ran phishing campaigns to steal Yahoo and UKR.NET login info using fake pages and dynamic DNS to hide infrastructure. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ANSSI)

Government

Government Phishing DNS VPN

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Security Affairs

DECEMBER 16, 2020

In a security advisory published by SolarWinds, the company confirmed the supply chain attack, the threat actors compromised versions 2019.4 The C&C domain communicates to the bot via DNS responses that contained a CNAME field with information on the domain that will provide further commands and payload to the SUNBURST backdoor.

Hacking

Hacking DNS VPN Software

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Security Affairs

DECEMBER 10, 2024

Based on available Passive DNS records, Resecurity identified over 144 domain names registered by the actors in the.com,om,site,top and.icu domain zones. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Smishing Triad )

Social Engineering

Social Engineering Phishing Banking DNS

Nuclei flaw allows signature bypass and code execution

Security Affairs

JANUARY 5, 2025

Nuclei supports multiple protocols, including HTTP, TCP, DNS, TLS, andCode. Nuclei templates using the code protocol can assess system security but risk executing malicious code locally, potentially compromising servers or infrastructure.

DNS

DNS Risk Engineering Hacking

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia) This infrastructure technique is versatile, supporting operations globally. .

Telecommunications

Telecommunications DNS Hacking Passwords

Sitting Ducks attack technique exposes over a million domains to hijacking

Security Affairs

AUGUST 1, 2024

Researchers warn of an attack vector in the DNS, called the Sitting Ducks, that exposes over a million domains to hackers’ takeover. Researchers from Eclypsium and Infoblox have identified an attack vector in the domain name system (DNS), dubbed the Sitting Ducks attack. ” continues the report.

DNS

DNS Accountability Risk Hacking

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. SecurityAffairs – hacking, Tutanota).

DDOS

DDOS Encryption DNS Advertising

Chinese StormBamboo APT compromised ISP to deliver malware

Security Affairs

AUGUST 4, 2024

Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Malware

Malware DNS Firewall Software

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

Security Affairs

JANUARY 19, 2025

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Ransomware on ESXi: The mechanization of virtualized attacks FunkSec Alleged Top Ransomware Group Powered by AI Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C Malicious PyPI Package pycord-self Targets Discord Developers with Token Theft (..)

Malware

Malware Artificial Intelligence DNS Ransomware

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 11, 2024

The flaw affects D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L, these devices contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

DNS

DNS Authentication Hacking Cybersecurity

Akamai software update triggered a bug that took offline major sites

Security Affairs

JULY 22, 2021

Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to Akamai DNS global outage. A software configuration update triggered a bug in the Akamai DNS which took offline major websites, including Steam, the PlayStation Network, AWS, Google, and Salesforce. SecurityAffairs – hacking, DNS).

Software

Software DNS DDOS Technology

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

JULY 30, 2024

The attack chain starts by tricking the recipient into clicking a button that claims to explain how to fix a DNS issue, suggesting that resolving this issue will grant access to a desired file. To fix the error, you need to update the DNS cache manually.” ” reads the report published by Trellix.

Phishing

Phishing DNS Social Engineering Engineering

MikroTik botnet relies on DNS misconfiguration to spread malware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Trending Sources

Morphing Meerkat phishing kits exploit DNS MX records

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Palo Alto Networks fixed a high-severity PAN-OS flaw

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

TsuNAME flaw exposes DNS servers to DDoS attacks

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

BIND updates fix four high-severity DoS bugs in the DNS software suite

A DNS flaw impacts a library used by millions of IoT devices

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Flaws in the BIND software expose DNS servers to attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

NCSC report warns of DNS Hijacking Attacks

ISC fixed high-severity flaws in the BIND DNS software

Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Hackers use hackers spreading tainted hacking tools in long-running campaign

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

ISC fixed high-severity flaws in DNS software suite BIND

France links Russian APT28 to attacks on dozen French entities

Microsoft partnered with security firms to sinkhole the C2 used in SolarWinds hack

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Nuclei flaw allows signature bypass and code execution

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Sitting Ducks attack technique exposes over a million domains to hijacking

German encrypted email service Tutanota suffers DDoS attacks

Chinese StormBamboo APT compromised ISP to deliver malware

Linksys force password reset to prevent Router hijacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 29

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Akamai software update triggered a bug that took offline major sites

A crafty phishing campaign targets Microsoft OneDrive users

Stay Connected