SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 140

Malware Government Surveillance Spyware 140

eSecurity Planet

MARCH 22, 2023

Virtual Private Network (VPN) : For remote access, remote desktop protocol (RDP) no longer can be considered safe. Instead, organizations should use a virtual private network (VPN) solution. Similarly, spoofed domain name system (DNS) and IP addresses can redirect users from legitimate connections to dangerous and malicious websites.

Firewall 96

Firewall Network Security Penetration Testing Encryption 96

SecureList

APRIL 27, 2021

During routine monitoring of detections for FinFisher spyware tools, we discovered traces that point to recent FinFly Web deployments. The attackers used vulnerabilities in an SSL-VPN product to deploy a multi-layered loader we dubbed Ecipekac (aka DESLoader, SigLoader and HEAVYHAND). Final thoughts.

Malware 138

Malware Spyware Government Social Engineering 138