#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

DNS | Breaking Cybersecurity News | The Hacker News

Category — DNS
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Aug 30, 2024 Cyber Threat / Cyber Espionage
Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. "The group's infrastructure is meticulously crafted, utilizing dynamic DNS (DDNS) providers like Dynu, DNSEXIT, and Vitalwerks to register domains used in phishing attacks," the cybersecurity company said . "These domains often employ deceptive themes related to cloud services, file sharing, and document visualization to lure targets into revealing sensitive information or downloading malicious files." Examples include terms like "cloud," "uptimezone," "doceditor," "joincloud,"
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season

Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season

Dec 12, 2022 DNS Security / Online Security
As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of year is also the peak season for cybercriminals. In fact, cybercriminals often ramp up their efforts during the holidays, taking advantage of the influx of online shoppers and the general hustle and bustle of the season Don't let cybercriminals steal your holiday cheer – follow our simple steps to protect yourself and your personal information while shopping online, completing work tasks, or simply browsing the web. Check everything twice It's common for scammers to lure people in with fake deals and offers during the holiday season. They may promise deep discounts on popular items or claim to have limited-time offers that are too good to pass up. They may also create fake websites or emails that look like they are from legitimate companies to trick people into giv
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

May 03, 2022
Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System (DNS) implementation of two popular C libraries called  uClibc  and  uClibc-ng  that are used for developing embedded Linux systems. uClibc is known to be used by major vendors such as Linksys, Netgear, and Axis, as well as Linux distributions like Embedded Gentoo, potentially exposing millions of IoT devices to security threats. "The flaw is caused by the predictability of transaction IDs included in the DNS requests generated by the library, which may allow attackers to perform DNS poisoning attacks against the target device," Giannis Tsaraias and Andrea Palanca of Nozomi Networks  said  in a Monday write-up. DNS poisoning , also referred to as DNS spoofing, is the technique of corrupting a DNS resolver cache — which provides clients with the IP address a
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

Mar 16, 2022
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it  B1txor20  "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." First observed propagating through the  Log4j vulnerability  on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports the ability to obtain a shell, execute arbitrary commands, install a rootkit, open a  SOCKS5 proxy , and functions to upload sensitive information back to the C2 server. Once a machine is successfully compromised, the malware utilizes the DNS tunnel to retrieve and execute co
Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Aug 04, 2021
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. The shortcomings, collectively dubbed "INFRA:HALT," target NicheStack, potentially enabling an attacker to achieve remote code execution, denial of service, information leak, TCP spoofing, and even DNS cache poisoning. NicheStack (aka InterNiche stack) is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers (PLCs) and other products. "Attackers could disrupt a building's HVAC system or take
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

Jul 14, 2020
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw ( CVE-2020-1350 ), dubbed ' SigRed ' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure. A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. In a detailed report shared with The Hacker News, Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can spread
Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Sep 11, 2019
Immediately after Mozilla announced its plan to soon enable ' DNS over HTTPS ' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, ' DNS over HTTPS ' performs DNS lookups—finding the server IP address of a certain domain name—over an encrypted HTTPS connection to a DNS server, rather than sending DNS queries in plaintext. The protocol that sends DNS queries over secure HTTPS connections has specifically been designed to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit. Though the privacy-focused technology is also helpful in preventing attackers from redirecting unsuspecting visitors to phishing and malware sites, DNS over HTTPS could also bring its own new challenges to the enterprise security so
GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

Oct 01, 2018
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS , the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data. According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers. GhostDNS System: List of Modules and Sub-Modules The GhostDNS system mainly includes four modules:
DNSChanger Malware is Back! Hijacking Routers to Target Every Connected Device

DNSChanger Malware is Back! Hijacking Routers to Target Every Connected Device

Dec 17, 2016
Next time when you see an advertisement of your favorite pair of shoes on any website, even if it is legitimate, just DO NOT CLICK ON IT. …Because that advertising could infect you in such a way that not just your system, but every device connected to your network would get affected. A few days ago, we reported about a new exploit kit, dubbed Stegano , that hides malicious code in the pixels of banner advertisements rotating on several high profile news websites. Now, researchers have discovered that attackers are targeting online users with an exploit kit called DNSChanger that is being distributed via advertisements that hide malicious code in image data. Remember DNSChanger? Yes, the same malware that infected millions of computers across the world in 2012. DNSChanger works by changing DNS server entries in infected computers to point to malicious servers under the control of the attackers, rather than the DNS servers provided by any ISP or organization. So, wheneve
An Army of Million Hacked IoT Devices Almost Broke the Internet Today

An Army of Million Hacked IoT Devices Almost Broke the Internet Today

Oct 22, 2016
A massive Distributed Denial of Service (DDoS) attack against Dyn , a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how the attack happened? What's the cause behind the attack? Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH. According to security intelligence firm Flashpoint , Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of
SRTT Vulnerability in BIND Software Puts DNS Protocol Security At Risk

SRTT Vulnerability in BIND Software Puts DNS Protocol Security At Risk

May 06, 2014
After the Heartbleed bug that exposed half of the Internet vulnerable to hackers thereby marking as one of the largest Internet vulnerability in recent history, the critical flaw in the implementation of the DNS protocol could also represent a serious menace to the Internet security. A Serious security vulnerability has been discovered in the algorithms of DNS software – BIND by the two Israeli students ' Roee Hay ' and ' Jonathan Kalechstein ', who are working under a project out at the Laboratory of Computer Communication & Networking in the Faculty of Computer Science at the Technion , which was led by Dr. Gabi Nakibly from Rafael (Rafael Advanced Defense Systems Ltd.). Although, Technion students have not provided any detail explanation about the vulnerability , but indicated that by exploiting the DNS protocol flaw an attacker could redirect the users who are trying to visit a legitimate website to a fake and bogus website which the attacker con
How to access Twitter in Turkey - #TwitterisBlockedinTurkey

How to access Twitter in Turkey - #TwitterisBlockedinTurkey

Mar 23, 2014
Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. " Twitter and so on, we will root them out. The international community can say this or that – I don't care. They will see the power of the Turkish Republic ." After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google's DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed. Why
Download Tortilla Tool - Anonymize everything through Tor

Download Tortilla Tool - Anonymize everything through Tor

Jul 17, 2013
Recent disclosures by whistleblower Edward Snowden claiming that internet traffic is being intercepted and used by the Americans in their war on terror, force to re-think about the user's privacy and online anonymity. It has been relatively common knowledge for years that wherever we go on the web, we leave clear tracks, so it shouldn't really have come as much of a surprise to discover this has been going on. The best thing you can do to stay anonymous online is to hide your IP address . If someone knows your IP address, it is the easiest way to trace your online activity back to you and they can easily determine the geographic location of the server that hosts that address and get a rough idea of where you're located. TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Browsing with TOR is a lot like simultaneously using hundreds of different proxies that are randomized periodically.
Expert Insights / Articles Videos
Cybersecurity Resources