Browsing tag

DNS hijacking

VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive “criminal affiliate program,” new findings from Infoblox reveal. The latest development demonstrates the “breadth of their activities and depth of their connections within the cybercrime industry,” the company said, describing […]

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. “The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group used […]

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. “The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool ‘DIG.net,’” Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar […]

Email security: What and why encrypted email is important

Millions of messages get sent over the internet daily. Many of these messages are casual conversations between friends. But some contain sensitive information that is then sent through unsecured, not encrypted email. When cyber attackers intercept an unsecured email that contains sensitive information about a person or a company, this can be used for blackmail […]

Why DNS Protection So Critical for Businesses?

DNS protection provides an additional level of protection between the user and the Internet by creating a blacklist of malicious websites and filtering out unwanted content. By using a secure DNS server, employees can avoid possible malicious attacks. There is no single DNS server, but many DNS services are used to provide the backbone for […]

Roaming Mantis malware evolve to preys on PC, Android and iOS users

Recently, researchers unveiled a DNS hijacking campaign that was found to spread malware from banking Trojans to Android smartphone users mostly in Asia, which has now extended its reach to iOS and PC users. Mantis Roaming malware now targets iOS devices for phishing attacks. A publication of Kaspersky Lab in April gave details about the […]

DNS Hijacking Method Used by Powerful Malware to Hack Android, Desktop & iOS Devices

Roaming Mantis malware is expanding geographically with many new capabilities. Initially it targeted only Android users; now the malware authors have improved their code by adding more geographies, platform support, and capabilities. The DNS hijacking malware dubbed Roaming Mantis is designed to spread via the DNS hijacking method. It redirects the users to the malicious pages and leads […]

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to our telemetry data, this malware was detected more than 6,000 times, though the reports came from just 150 […]

New “Roaming Mantis” Malware uses DNS Hijacking Attack to Hack Android Smartphones

Newly discovered malware called “Roaming Mantis” infiltrates Android smartphones using a technique known as DNS hijacking and steals sensitive information from compromised victims' Android devices. DNS hijacking is a type of malicious attack that is used to redirect users to a malicious website when they visit the website via compromised routers or attackers […]

Subjack – Hostile Subdomain Takeover Tool Written in Go

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. Installing You […]

DNS attacks: How they try to direct you to fake pages

DNS servers are essential to the normal functioning of the internet as we know and love it, but they tend to go unnoticed by most users. At least, that is, until some sort of attack or incident occurs that stops them from working normally, which results in the services we use every day starting to fail (something […]

How email in transit can be intercepted using DNS hijacking

This article looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack. While our research on the state of email delivery security indicates that this attack is less pervasive than the TLS downgrade attack, it is equally effective at defeating email […]