August 1, 2024 at 01:14PM Threat actors have hijacked over 35,000 registered domains in Sitting Ducks attacks, enabling them to claim a domain without accessing the owner’s account at the DNS provider or registrar. Based on the meeting notes, it seems that threat actors have carried out attacks, known as Sitting Ducks attacks, by hijacking … Read more
July 25, 2024 at 03:40AM The Internet Systems Consortium (ISC) has released patches for multiple security vulnerabilities in BIND 9 DNS software, which could be exploited for denial-of-service attacks. The list of four vulnerabilities includes logic errors, excessive CPU load, crafting large numbers of resource record types, and malicious DNS client queries. The flaws have … Read more
May 14, 2024 at 08:35AM Threat actors are using DNS tunneling to track email delivery and victim interaction with malicious domains, scan networks, and perform reflection attacks. Palo Alto Networks has identified three campaigns employing this technique, tracking over 700 victims with 75 IP addresses resolving 658 domains. Organizations should update resolver software to mitigate … Read more
May 13, 2024 at 01:56PM Threat actors use DNS tunneling to track targets’ interactions with phishing emails, scan networks for vulnerabilities, and bypass firewalls. They encode data in DNS queries using algorithms like Base16 or Base64. “TrkCdn” and “SecShow” campaigns demonstrate how attackers track victims and scan networks using DNS tunneling. Unit 42 recommends DNS … Read more
April 29, 2024 at 11:52AM RenĂ©e Burton, VP of threat research at Infoblox, uncovered Muddling Meerkat, a China-linked threat group evading the Great Firewall using open DNS resolvers and mail records. Their covert DNS traffic, possibly for reconnaissance or DNS denial-of-service attacks, demonstrates expertise in bypassing China’s Internet censorship. Infoblox and partners are investigating this … Read more
April 29, 2024 at 10:00AM Since October 2019, a new cyber threat, Muddling Meerkat, has used DNS activities to evade security measures and conduct network reconnaissance worldwide. Linked to China, the threat exploits DNS open resolvers and manipulates DNS queries from Chinese IP space. This sophisticated threat involves false MX record responses and may be … Read more
March 5, 2024 at 06:45AM Savvy Seahorse, a new DNS threat actor, uses sophisticated techniques to lure victims into fake investment platforms, targeting individuals from various countries. They use DNS records to create a traffic distribution system, making it difficult to detect and take down their phishing sites. Victims are tricked into providing personal information … Read more
February 26, 2024 at 09:15AM Over 8,000 subdomains of reputable brands and institutions have been illicitly commandeered as part of a spam and click monetization system known as SubdoMailing. The ResurrecAds threat actor is responsible for this intricate campaign, using the hijacked domains to distribute phishing emails and circumvent security measures. Guardio Labs is actively … Read more
February 20, 2024 at 01:37PM Researchers recently uncovered a major DNS security flaw, “KeyTrap,” that can potentially cripple large sections of the Internet. Exploiting a flaw in the DNSSEC extension, a single packet can force servers into a loop, consuming computing power and causing widespread outages. Patching efforts are underway, but a more comprehensive solution … Read more