Tag: dns
-
Top 10 Best DNS Filtering Solutions 2026
In 2026, the perimeter is gone. Your users are everywhere, and the >>castle and moat<< security model is obsolete. The most effective way to secure a hybrid workforce is through DNS filtering and Secure Access Service Edge (SASE). These tools act as the new control plane, stopping ransomware command-and-control (C2) callbacks and AI-driven phishing attacks…
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
BIND 9 Flaw Lets Attackers Crash Servers With Malicious DNS Records
A critical vulnerability in BIND 9 exposes DNS servers to remote denial-of-service (DoS) attacks. Security firm ISC disclosed CVE-2025-13878 on January 21, 2026, warning that malformed BRID or HHIT records in DNS queries can trigger an unexpected termination of the named process. Attackers need no authentication to exploit this, making it a high-risk issue for…
-
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
A DNS flaw in Azure Private Link can trigger DoS-like outages across linked VNETs. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/azure-dns-behavior-can-turn-private-endpoints-into-dos-risks/
-
Azure Private Endpoint Deployments Expose Cloud Resources to DoS Attacks
A critical architectural weakness in Azure’s Private Endpoint deployments could allow both accidental and intentional denial of service (DoS) attacks against cloud resources. The vulnerability stems from how Azure’s Private DNS zone resolution interacts with hybrid networking configurations, potentially affecting over 5% of Azure storage accounts and multiple critical services. The Core Vulnerability The issue…
-
NDSS 2025 Studying the Defensive Registration Practices of the Fortune 500
Session 9C: Phishing & Fraud 2 Authors, Creators & Presenters: Boladji Vinny Adjibi (Georgia Tech), Athanasios Avgetidis (Georgia Tech), Manos Antonakakis (Georgia Tech), Michael Bailey (Georgia Tech), Fabian Monrose (Georgia Tech) PAPER The Guardians of Name Street: Studying the Defensive Registration Practices of the Fortune 500 Using orthographic, phonetic, and semantic models, we study the…
-
How Security Teams Use IP Location and DNS History In Cybercrime Investigation
In many security teams, a cybercrime investigation often begins without a complete picture. It starts with a small signal. A suspicious login. An unexpected outbound connection. A single alert that does not look right. From that moment, investigators need context. Logs alone show what happened, but not who is behind it or why it matters.…
-
Researchers Hijack Hacker Domain Using Name Server Delegation
Security researchers from Infoblox have successfully intercepted millions of malicious push notification advertisements by exploiting a DNS misconfiguration technique known as >>lame nameserver delegation,<< gaining complete visibility into a large-scale affiliate advertising operation without directly compromising any systems. The researchers claimed to have identified abandoned domains used by threat actors, receiving copies of over 57…
-
New Kerberos Relay Technique Exploits DNS CNAMEs to Bypass Existing Defenses
Tags: attack, authentication, credentials, cve, cyber, defense, dns, exploit, flaw, ntlm, service, threat, vulnerability, windowsA critical vulnerability in Windows Kerberos authentication that enables attackers to conduct credential-relay attacks by exploiting DNS CNAME records. Tracked as CVE-2026-20929, this flaw allows threat actors to force victims into requesting Kerberos service tickets for attacker-controlled systems, facilitating lateral movement and privilege escalation even when NTLM authentication is entirely disabled. CVE ID Vulnerability Name…
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
What Is a DNS Attack? Understanding the Risks and Threats
In 2026, when websites, apps, and online services drive nearly every aspect of daily life, the Domain Name System (DNS) acts as the internet’s unsung hero. It serves as the bridge between humans and machines, effortlessly translating memorable domain names like www.thecyberexpress.com, the same website you’re reading this article on. First seen on thecyberexpress.com Jump…
-
Cloudflare Says ‘Non C’è Modo’ (No Way) In Defiance of Italy Piracy Shield Law
Italian authorities have fined Internet security company Cloudflare $16.3 as a result of the content delivery network specialist’s refusal to block access to pirate sites on its 1.1.1.1 DNS service. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/cloudflare-says-non-ce-modo-no-way-in-defiance-of-italy-piracy-shield-law/
-
Why DNS Resiliency Is Critical as Outages Surge
As outages grow more frequent, DNS resiliency is critical to keeping services online when primary systems fail. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/why-dns-resiliency-is-critical-as-outages-surge/
-
Piracy Shield: Rekordstrafe für Cloudflare wegen unterlassener DNS-Sperren
Tags: dnsCloudflare will Italiens DNS-Sperranordnungen nicht nachkommen, weil diese globale Auswirkungen hätten. Nun soll der Konzern 14,2 Millionen Euro zahlen. First seen on golem.de Jump to article: www.golem.de/news/italien-gegen-cloudflare-rekordstrafe-wegen-unterlassener-dns-sperren-2601-204067.html
-
Italien gegen Cloudflare: Rekordstrafe wegen unterlassener DNS-Sperren
Tags: dnsCloudflare will Italiens DNS-Sperranordnungen nicht nachkommen, weil diese globale Auswirkungen hätten. Nun soll der Konzern 14,2 Millionen Euro zahlen. First seen on golem.de Jump to article: www.golem.de/news/italien-gegen-cloudflare-rekordstrafe-wegen-unterlassener-dns-sperren-2601-204067.html
-
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.The list of the directives now considered closed is as follows -ED 19-01: Mitigate DNS Infrastructure TamperingED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch TuesdayED 20-03: Mitigate Windows DNS Server First…
-
DNS-Fehler: Unzählige Cisco-Switches plötzlich in Bootschleife gefangen
Switches von Cisco starten sich alle paar Minuten neu und beeinträchtigen damit Unternehmensnetze. Verzweifelte Admins suchen online nach Hilfe. First seen on golem.de Jump to article: www.golem.de/news/dns-fehler-unzaehlige-cisco-switches-ploetzlich-in-bootschleife-gefangen-2601-203989.html
-
Global DNS Crash Triggers Reboot Loops Across Cisco Small Business Switches
A DNS Crash disrupted networks around the world on January 8, 2026, after a flaw in the DNS client service caused multiple Cisco Small Business Switches to reboot repeatedly and, in some cases, completely core dump. The outage affected organizations of all sizes, from small IT teams managing a handful of switches to administrators responsible…
-
Global DNS Crash Triggers Reboot Loops Across Cisco Small Business Switches
A DNS Crash disrupted networks around the world on January 8, 2026, after a flaw in the DNS client service caused multiple Cisco Small Business Switches to reboot repeatedly and, in some cases, completely core dump. The outage affected organizations of all sizes, from small IT teams managing a handful of switches to administrators responsible…
-
Cisco switches hit by reboot loops due to DNS client bug
Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by BleepingComputer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-switches-hit-by-reboot-loops-due-to-dns-client-bug/
-
Phishing-Angreifer setzen vermehrt auf E-Mail-Routing-Lücken
Tags: 2fa, authentication, business, cyberattack, dmarc, dns, email, framework, infrastructure, intelligence, mail, mfa, microsoft, password, phishing, risk, service, spam, threatAngreifer missbrauchen falsch konfigurierte Richtlinien, um Phishing-E-Mails wie interne E-Mails aussehen zu lassen, Filter zu umgehen und Anmeldedaten zu stehlen.Das Threat Intelligence Team von Microsoft hat kürzlich festgestellt, dass Angreifer zunehmend komplexe E-Mail-Weiterleitungen und falsch konfigurierte Domain-Spoofing-Schutzmaßnahmen ausnutzen. Dabei lassen sie ihre Phishing-Nachrichten so aussehen, als würden sie von den angegriffenen Organisationen selbst stammen.In den…
-
Reverse DNS mismatch: Fix SMTP banner errors
Fix “reverse DNS does not match SMTP banner” errors by aligning PTR, A records, and server identity to restore trust and reliable email delivery. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/reverse-dns-mismatch-fix-smtp-banner-errors/
-
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.”An unauthenticated remote attacker can inject…
-
NDSS 2025 HADES Attack: Understanding And Evaluating Manipulation Risks Of Email Blocklists
Tags: attack, conference, dns, email, exploit, infrastructure, Internet, malicious, mitigation, network, risk, service, spam, technologySession 8A: Email Security Authors, Creators & Presenters: Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)…
-
Why Fast Flux Is Harder to Detect in CDN and Cloud-Based Setups?
DNS Fast Flux rapidly changes the IP addresses (and even the DNS servers) for a malicious domain, as shown above. Attackers often use compromised machines as proxies, cycling through “hundreds or even thousands” of IP addresses with very low DNS TTL (sometimes as short as 60 seconds). This means each DNS query can return a……
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 78
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Evasive Panda APT poisons DNS requests to deliver MgBot Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-Stealing Malware Sweeps…
-
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…
-
Evasive Panda ändert das DNS, statt Updates lädt man Malware
Die Hacker-Gruppe Evasive Panda nutzte das Domain Name System, um unzählige Computer zu verseuchen. Das DNS ist elementar und keine Beilage. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/evasive-panda-aendert-das-dns-statt-updates-laedt-man-malware-324673.html
-
Warum Datensicherung zur strategischen Kernkompetenz wird Die neue Relevanz von Backup
Am 20. Oktober 2025 stand die digitale Wirtschaft still. Ein DNS-Fehler in der AWS-Region US-EAST-1 legte weltweit über 2.000 Unternehmen und Millionen Nutzer lahm. Von Snapchat über Signal bis zu kritischen Finanzdienstleistern der mehrstündige Ausfall demonstrierte mit schonungsloser Klarheit die Achillesferse der globalisierten Cloud-Infrastruktur. Für europäische Unternehmen war dies mehr als eine technische Störung. Es…