Security Affairs

MAY 2, 2021

Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box.

Password Management 57

Password Management DNS Ransomware Malware 57

Security Affairs

JULY 15, 2020

“Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS 59

DNS Advertising Engineering Internet 59

SecureList

DECEMBER 2, 2022

Usually after the phrase there are MD5 hashes [1] , IP addresses and other technical data that should help information security specialists to counter a specific threat. It is a highly demanding activity, which requires time, multidisciplinary skills, efficient technology, innovation and dedication.

Cyber threats 117

Cyber threats DNS Technology Engineering 117

Security Affairs

AUGUST 27, 2019

Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” The threat actors carried out spearphishing attacks using weaponized Excel attachments to deliver the DanBot malware.

DNS 82

DNS Passwords Penetration Testing Social Engineering 82

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet 118

Internet Internet DNS Advertising 118

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware 85

Ransomware Telecommunications DNS Hacking 85

Security Affairs

JANUARY 18, 2022

The APT group targeted organizations in various industries, including the aviation, gaming, pharmaceuticals, technology, telecoms, and software development industries. ” The threat actors were observed deploying Cobalt Strike in the infected networks, along with a set of additional malware and web shells.

Cryptocurrency 110

Cryptocurrency Social Engineering Media Phishing 110

Security Affairs

NOVEMBER 19, 2020

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.”

Ransomware 113

Ransomware DNS Encryption Hacking 113

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 96

Cybercrime Phishing Banking Telecommunications 96

eSecurity Planet

JUNE 21, 2022

CISA is ISACA’s (Information Systems Audit and Control Association) high-level certification designed for those who audit, control, monitor, and assess an organization’s information technology and business systems. GSEC is intended for anyone new to cyber security who has some background in information systems and networks.

Cybersecurity 120

Cybersecurity Penetration Testing System Administration Cyber Attacks 120

Security Affairs

JUNE 26, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

DNS 80

DNS Manufacturing Education Authentication 80

Security Affairs

AUGUST 7, 2019

T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). I do have a MD in computer engineering and a PhD on computer security from University of Bologna.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

Pen Test Partners

SEPTEMBER 13, 2023

Furthermore, technological solutions must be in place to prevent the copy and relocation of PAN data. IDS/IPS solutions must detect and alert on any covert malware communications being used such as DNS tunnelling. Implementation timeline: Image credit: [link] PCI v4.0 Section 2 No significant changes in this section.

Authentication 52

Authentication Passwords Media Encryption 52

Security Affairs

FEBRUARY 14, 2021

The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS. At the time, the authorities only seized some of the servers used by the carding portal, but the Joker’s Stash site hosted on the ToR network was not affected by the operations conducted by the police.

Cybercrime 97

Cybercrime Backups Hacking DNS 97

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). We hypothesize that the general aim is to provide operators with “full-spectrum malware” in order to evade security products.

Malware 105

Malware DNS Government Software 105

Cisco Security

AUGUST 29, 2022

25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. Cisco is a Premium Partner of the Black Hat NOC , and is the Official Wired & Wireless Network Equipment, Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider of Black Hat. Cisco Secure Endpoint for iOS/Security Connector.

DNS 75

DNS Wireless Malware Firewall 75

Security Affairs

NOVEMBER 12, 2019

The two Macros decoded a Javascript payload acting as a drop and execute by using a well-known strategy as described in: “ Frequent VBA Macros used in Office Malware ”. The TA505 group , that is known to have operated both the Dridex and Locky malware families, continues to make small changes to its operations. net http[://com-mk84.net.

Cybercrime 42

Cybercrime Computers and Electronics Penetration Testing Malware 42

Lenny Zeltser

JULY 6, 2017

When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. Similarly, your DNS traffic should be getting directed through the VPN tunnel, concealing your client’s locally-configured DNS server.

VPN 111

VPN Software DNS Internet 111

Security Affairs

JULY 28, 2022

Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. Microsoft states that multiple news reports have linked the company to the Subzero malware toolset used to hack a broad range of devices, phones, computers, and network and internet-connected devices.

Surveillance 91

Surveillance Malware Authentication DNS 91

Security Affairs

AUGUST 6, 2019

HTAs are standalone applications that execute using the same models and technologies of Internet Explorer, but outside of the browser. ”. The malware retrieves the HTA application to run from a remote host behind the Bitly shortening service. Instead, the second chunk hides the next malware stage invocation within a Powershell script.

Malware 62

Malware Advertising DNS Education 62

Cisco Security

NOVEMBER 29, 2021

Cisco Secure supports the NOC operations with DNS visibility and architecture intelligence ( Cisco Umbrella and Cisco Umbrella Investigate ) and automated malware analysis and threat intelligence ( Cisco Secure Malware Analytics (Threat Grid) , backed by Cisco Talos Intelligence and Cisco SecureX ).

DNS 123

DNS Mobile Malware Firewall 123

Cisco Security

DECEMBER 22, 2022

Integrating Security. As the needs of Black Hat evolved, so did the Cisco Secure Technologies in the NOC: Cisco SecureX : Extended Detection and Response actions / Automations. Cisco Umbrella : DNS visibility and security. NetWitness extracted the payload and sent it to Secure Malware Analytics for detonation.

DNS 71

DNS Malware Accountability Wireless 71

eSecurity Planet

APRIL 26, 2024

Server: Provides powerful computing and storage in local, cloud, and data center networks to run services (Active Directory, DNS, email, databases, apps). Endpoint: Enables access for human users and computer services and commonly includes PCs, laptops, Internet of Things (IoT), and operational technology (OT).

Architecture 120

Architecture Network Security Firewall Risk 120

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Eva Galperi n | @evacide.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. We also deployed ThousandEyes for Network Assurance. Or, is from a briefing or a demo in the Business Hall?

Wireless 60

Wireless DNS Mobile Technology 60

Cisco Security

MAY 27, 2022

Malware Threat Intelligence made easy and available, with Cisco Secure Malware Analytics and SecureX by Ben Greenbaum . In addition to the Meraki networking gear, Cisco Secure also shipped two Umbrella DNS virtual appliances to Black Hat Asia, for internal network visibility with redundancy, in addition to providing: .

Malware 73

Malware Accountability DNS Technology 73

eSecurity Planet

MAY 28, 2021

Malware detection has long been a game of signature detection. With ML and artificial intelligence (AI) using thousands of strains to train algorithms, one would surmise that the ability to detect malware is only improving. Hackers are using the same ML and AI technology to avoid using recognized malware.

Software 119

Software DNS Firmware VPN 119

NopSec

FEBRUARY 15, 2017

Phishing is a standard method of delivering malware, including ransomware. The attacker may utilize a website such as nwtools.com to look through the target organization’s DNS records. An attacker can enjoy a large payoff even with a very low success rate.

Phishing 40

Phishing Social Engineering Engineering Healthcare 40

Security Affairs

JULY 14, 2021

Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. cloudfront[.]net net since May 2021.

Adware 120

Adware Encryption Malware Passwords 120

Security Affairs

DECEMBER 20, 2019

Experts at Yoroi/Cybaze ZLab spotted a new sophisticated malware implant dubbed JsOutProx that seems to be unrelated to mainstream cyber weapons. During our threat intelligence source monitoring operations, we spotted a new sophisticated malware implant, dubbed JsOutProx, that seems to be unrelated to mainstream cyber weapons.

Malware 59

Malware DNS Architecture Advertising 59

Security Affairs

APRIL 30, 2021

Thanks to its proprietary Graph Analysis system, Group-IB researchers analyzed dozens of SSL certificates, SSH keys, and DNS and were able to track down malicious infrastructure, unveil the IP addresses of the real servers where phishing content was stored, and connect the domains into one distributed scam network. Twitter | LinkedIn.

Scams 97

Scams Phishing Risk Information Security 97

Cisco Security

AUGUST 29, 2022

Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. In technology, we plan as best as we can, execute tactically with the resources and knowledge we have at the time, focus on the strategic mission, adjust as the circumstances require, collaborate, and improve; with transparency and humility.

Engineering 72

Engineering Wireless Malware DNS 72

Cisco Security

MAY 26, 2022

It is a balance, as we must allow trainings and demos connect to malicious websites, download malware and execute. We provided visibility access to the Black Hat NOC management and the technology partners (along with full API access), so they could integrate with the network platform.

Wireless 81

Wireless Mobile Engineering Firewall 81

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Compromising IT networks using traditional techniques and malware — including living off the land attacks — is the main vector for penetrating isolated segments of OT networks.

Banking 84

Banking Telecommunications Marketing Internet 84

Security Affairs

JULY 7, 2019

Is Your Browser Secure? Heres How to Secure Your Web Browser Against Attacks! City Council of Somerville bans facial recognition technology. Cryptomining Campaign involves Golang malware to target Linux servers. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH).

Scams 47

Scams Spyware DNS Advertising 47

Cisco Security

DECEMBER 22, 2022

Cisco is honored to be a Premium Partner of the Black Hat NOC, and is the Official Network Platform, Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider of Black Hat. For 25 years, Black Hat has provided attendees with the very latest in information security research, development, and trends.

Engineering 62

Engineering Mobile Malware Wireless 62

Security Affairs

DECEMBER 22, 2020

“Prevasio would like to thank Zetalytics for providing us with an updated (larger) list of passive (historic) DNS queries for the domains generated by the malware.” Researchers from several security firms, including TrueSec , Prevasio , QiAnXin RedDrip , and Kaspersky shared the results of their analysis.

Hacking 137

Hacking Banking Manufacturing DNS 137