DNS, Hacking and Passwords - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Morphing Meerkat phishing kits exploit DNS MX records

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. By July 2023 kits could dynamically load phishing pages based on DNS MX records.

DNS

DNS Phishing Banking Hacking

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking

Hacking Social Engineering Phishing Scams

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Running a reverse DNS lookup on this 111.90.149[.]49 Image: Escrow.com.

Phishing

Phishing DNS Social Engineering Accountability

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization.

Passwords

Passwords DNS Malware Advertising

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. based domain name registrar and hosting provider. ” SAY WHAT?

DNS

DNS Internet Internet Computers and Electronics

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. But he denied ever participating in illegal hacking activities.

DNS

DNS Penetration Testing Malware Hacking

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Who’s Hacking You?

Webroot

MARCH 9, 2021

Pretending to be someone else, these hackers manipulate their victims into opening doors to systems or unwittingly sharing passwords or banking details. DNS (Domain Name System) is especially vulnerable. However, cybercriminals can also use legal DNS traffic surveillance to their advantage. The post Who’s Hacking You?

Hacking

Hacking DNS Surveillance Cybercrime

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Encryption InfoSec

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

APRIL 12, 2019

The hacker that hacked and defaced Matrix.org decided to disclose the security issues discovered during the attack and offers advice. This week, the hacker behind the hack of Matrix.org decided to disclose the vulnerabilities discovered during the attack. “An attacker gained access to the servers hosting Matrix.org.

Hacking

Hacking DNS Passwords Data breaches

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations. Attackers inserted rogue JavaScript to capture usernames and passwords in real-time, enhancing lateral movement within networks. This infrastructure technique is versatile, supporting operations globally. .

Telecommunications

Telecommunications DNS Hacking Passwords

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

MARCH 29, 2021

We learned, for instance, that even IT pros could use a refresher on basic password hygiene through security awareness training. Firewalls embed threat intelligence and DNS security solutions are used to both block malware and control internet use. DNS security solutions are one way of addressing this risk.

Hacking

Hacking DNS Firewall Malware

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

The flaw affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325. The request includes parameters for a username (user=messagebus) and an empty field for the password ( passwd= ). DNS-327L Version 1.09, Version 1.00.0409.2013 DNS-340L Version 1.08

Internet

Internet Internet DNS Hacking

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware

Spyware Data breaches DNS Artificial Intelligence

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The communications are not encrypted, however the WiFi password is sent encrypted during set up (albeit trivial to decrypt).” The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. ” reads the analysis published by MWR InfoSecurity. Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Penetration Testing

JUNE 15, 2025

CVE-2025-45984: Route to Root via Password Manipulation – This vulnerability stems from the sub_45B238 function, where improper filtering of the routepwd parameter leads to unsanitized input being passed to sprintf, and ultimately executed through the bl_do_system function. Monitor for Anomalies : Look for suspicious directories (e.g.,

Firmware

Firmware DNS Penetration Testing Malware

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

The scanner used by the FICORA botnet includes a hard-coded username and password for its brute force attack function. The malware FICORA is a variant of the Mirai malware, it includes DDoS attack capabilities using multiple protocols such as UDP, TCP, and DNS. 221”) to fetch the bot to target various Linux architectures.

Architecture

Architecture Malware DNS DDOS

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords. While they can’t directly read your password, they can still download malware or gather enough information to steal your identity.

DNS

DNS VPN Encryption Passwords

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

“Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Malware Internet Cryptocurrency

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

An attacker can trigger the flaw by supplying carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page. Leak of the sensitive data stored on the router (keys, administrative passwords, etc.) SecurityAffairs – hacking, DrayTek Vigor). Pierluigi Paganini.

Hacking

Hacking Internet Internet Passwords

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Dell Wyse ThinOS flaws allow hacking think clients

Security Affairs

DECEMBER 21, 2020

The experts pointed out that even setting the username and password would not enough to protect the devices because the credentials would be shared across a large fleet of clients. Configuring and enabling VNC for full remote control, leaking remote desktop credentials, and manipulating DNS results are some of the scenarios to be aware of.”

Hacking

Hacking Firmware DNS Healthcare

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

“The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July. Upon investigating the incidents, the researchers determined that a DNS poisoning attack at the ISP level caused the infection.

Internet

Internet Internet DNS Telecommunications

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

” Hacking campaigns exploiting poor domain name security can be more subtle. We are all weary of the endless cycle of hacks and data breaches and we’re increasingly blaming businesses that have been compromised rather than the hackers themselves. That spells trouble if you’re the one that gets hacked.

Hacking

Hacking Retail Cyber Insurance Authentication

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites.

DNS

DNS Malware Firmware Phishing

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” states the analysis published by Avast.

DNS

DNS Passwords Advertising Banking

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware

Malware DNS Authentication Telecommunications

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

ssh/authorized_keys file, the attacker can directly log into the remote server without password authentication. During this process, a number of DNS requests are generated.” SecurityAffairs – hacking, Log4Shell). After the public key is added to the ~/.ssh/authorized_keys The report also includes IOCs for these attacks.

DDOS

DDOS DNS Authentication Passwords

NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections

The Last Watchdog

JULY 1, 2019

What this tells me is that the presidential candidates, at least, actually appear to be heeding lessons learned from the hacking John Podesta’s email account – and all of the havoc Russia was able to foment in our 2016 elections. Kudos to Reitnger — and to philanthropist Craig Newmark, the founder of Craigslist.com.

Cyber Risk

Cyber Risk DNS Phishing Backups

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

NOVEMBER 21, 2021

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. SecurityAffairs – hacking, Operation Cyclone). This technique tricks the target’s package manager into downloading and installing the malicious module. ” concludes the report.

DNS

DNS Passwords Malware Hacking

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications

Telecommunications Mobile Hacking Architecture

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Attackers used a new method of phishing with malicious mobile configurations along with previously observed DNS manipulation technique. SecurityAffairs – Roaming Mantis, hacking). Pierluigi Paganini.

DNS

DNS Mobile Phishing Malware

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

Shotliff shared an April 2014 password reset email from Black Hat World, which shows he forwarded the plaintext password to the email address legendboy2050@yahoo.com. “I had an account that was simply hacked from me shortly after and I never bothered about it because it wasn’t mine in the first place,” he explained.

Accountability

Accountability Advertising Marketing Malware

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

Hackers compromiseD -Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Experts from BleepingComputer reported that attackers would change the configured DNS servers to 109 [. 234.35.230 and 94 [. 103.82.249. com winimage.com.

Malware

Malware DNS Advertising Cryptocurrency

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). According to Duo, “ OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016. Leaked Source code.

DNS

DNS Computers and Electronics Penetration Testing Government

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. “LYCEUM initially accesses an organization using account credentials obtained via password spraying or brute-force attacks. The malware uses DNS and HTTP-based communication mechanisms.

DNS

DNS Passwords Penetration Testing Social Engineering

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Image: Spur.us. The disruption at 911[.]re Who is the “ Alexander S.”

Malware

Malware Cybercrime Internet Internet

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Morphing Meerkat phishing kits exploit DNS MX records

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Linksys force password reset to prevent Router hijacking

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

French Firms Rocked by Kasbah Hacker?

Some Zyxel devices can be hacked via DNS requests

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Who’s Hacking You?

NCSC report warns of DNS Hijacking Attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

DHS issues emergency Directive to prevent DNS hijacking attacks

Roaming Mantis uses new DNS changer in its Wroba mobile malware

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

The hacker behind Matrix.org hack offers advice to improve security

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacking the Twinkly IoT Christmas lights

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Experts warn of a surge in activity associated FICORA and Kaiten botnets

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Dell Wyse ThinOS flaws allow hacking think clients

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

For nearly a year, Brazilian users have been targeted with router attacks

Cuttlefish malware targets enterprise-grade SOHO routers

Two Linux botnets already exploit Log4Shell flaw in Log4j

NEW TECH: A couple of tools that deserve wide use — to preserve the integrity of U.S. elections

Experts found 11 malicious Python packages in the PyPI repository

China-linked LightBasin group accessed calling records from telcos worldwide

Recent Roaming Mantis campaign hit hundreds of users worldwide

Who’s Behind the Botnet-Based Service BHProxies?

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Iran-linked APT34: Analyzing the webmask project

Lyceum APT made the headlines with attacks in Middle East

No SOCKS, No Shoes, No Malware Proxy Services!

Stay Connected