Tag: dns
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems.”MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management,” QiAnXin XLab said in a report published last week. “Compared to typical…
-
KI als Cybercrime-Copilot
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
KI als Cybercrime-Copilot
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
KI greift erstmals autonom an
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
Anthropic detects the inevitable: genAI-only attacks, no humans involved
Tags: ai, attack, business, ciso, control, cybercrime, cybersecurity, defense, dns, infrastructure, injection, intelligence, malicious, malware, open-source, openai, RedTeam, threat, tool, warfarenot find.”There is potentially a lot of this activity we’re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?” Brunkard asked. “Or maybe they haven’t shared because they don’t…
-
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under…
-
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen
Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trustSummary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
-
BSidesSF 2025: WHOIS Your Daddy: Tracking Iranian-Backed Cyber Operations With Passive DNS
Creator, Author and Presenter: Austin Northcutt Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
IETF Draft suggests making IPv6 standard on DNS resolvers – partly to destroy IPv4
Tags: dnsDragging DNS into the modern age. And if that means fewer people need to buy IPv4, so much the better First seen on theregister.com Jump to article: www.theregister.com/2025/08/20/ietf_dnsop_3901bis_ipv4_ipv6/
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
-
What is a CISO? The top IT security leader role explained
Tags: access, authentication, breach, business, ceo, cio, cisa, ciso, compliance, computer, container, control, corporate, credentials, cyber, cybersecurity, data, ddos, defense, dns, encryption, exploit, finance, firewall, framework, fraud, guide, Hardware, healthcare, infosec, infrastructure, intelligence, international, jobs, kubernetes, mitigation, msp, mssp, network, nist, programming, RedTeam, regulation, risk, risk-management, security-incident, service, skills, software, strategy, technology, threat, training, vpn, zero-day, zero-trust. You’ll often hear people say the difference between the two is that CISOs focus entirely on information security issues, while a CSOs remit is wider, also taking in physical security as well as risk management.But reality is messier. Many companies, especially smaller ones, have only one C-level security officer, called a CSO, with IT…
-
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google’s official app storefronts under the guise of seemingly useful applications.These apps masquerade as VPNs, device “monitoring” apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in…
-
China’s botched Great Firewall upgrade invites attacks on its censorship infrastructure
Attempts to censor QUIC traffic create chance to block access to offshore DNS resolvers First seen on theregister.com Jump to article: www.theregister.com/2025/08/04/china_great_firewall_quic_security_flaws/
-
ToolShell under siege: Check Point analyzes Chinese APT Storm-2603
Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain…
-
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations.The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS,…
-
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Tags: access, ai, attack, cvss, cyberattack, cybersecurity, detection, dns, flaw, malicious, malware, network, rat, sap, update, vulnerability, zero-trustThe attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior.Darktrace researchers said the malware stalled…
-
NIS2-Umsetzungsgesetz: Geschäftsleitung haftet mit Privatvermögen
Tags: bsi, cloud, computing, cyersecurity, dns, dora, germany, governance, kritis, monitoring, nis-2, risk, risk-management, vulnerabilityNIS2-Versäumnisse können teuer werden nicht nur furs Unternehmen, sondern auch für die Geschäftsleitung persönlich.Angesichts der sich stets verschärfenden Cyberbedrohungslage (nicht nur in Deutschland) hat sich der europäische Gesetzgeber in den letzten Jahren intensiv mit dem Thema IT-Sicherheit befasst. Im Januar 2023 traten gleich drei Gesetze in diesem Zusammenhang in Kraft:die NIS2-Richtlinie,die CER-Richtlinie, sowieDORA.Während DORA als Verordnung…
-
Sicherheitstools überlistet: Hacker verstecken Schadcode in DNS-Einträgen
Angreifer zerlegen seit Jahren Malware in kleine Fragmente und betten sie in DNS-Records ein, um sie auf einem Zielsystem wieder zusammenzusetzen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitstools-ausgetrickst-hacker-verstecken-schadcode-in-dns-eintraegen-2507-198191.html
-
BIND 9 Vulnerabilities Enable Cache Poisoning and Service Disruption
The Internet Systems Consortium (ISC) has disclosed two critical security vulnerabilities in BIND 9, one of the most widely used DNS software implementations worldwide. Published on July 16, 2025, these vulnerabilities could allow attackers to poison DNS caches and disrupt DNS resolution services, potentially affecting millions of internet users and organizations globally. Critical Security Flaws…
-
Hackers Abuse DNS Blind Spots to Stealthily Deliver Malware
Tags: cyber, cybersecurity, dns, exploit, hacker, infrastructure, Internet, malicious, malware, threatCybersecurity researchers have uncovered a sophisticated technique where threat actors are exploiting DNS infrastructure to covertly store and distribute malware, turning the internet’s domain name system into an unwitting accomplice for malicious activities. The discovery reveals how attackers can hide executable files within DNS TXT records, creating a stealthy delivery mechanism that bypasses traditional security…
-
Hackers Are Finding New Ways to Hide Malware in DNS Records
Newly published research shows that the domain name system”, a fundamental part of the web”, can be exploited to hide malicious code and prompt injection attacks against chatbots. First seen on wired.com Jump to article: www.wired.com/story/dns-records-hidden-malicious-code/
-
Hackers Use DNS Queries to Evade Defenses and Exfiltrate Data
Cybercriminals are increasingly exploiting the Domain Name System (DNS) to bypass corporate security measures and steal sensitive data, according to new research from cybersecurity experts. This sophisticated technique, known as DNS tunneling, transforms the internet’s essential >>phonebook
-
Sicherheitstools ausgetrickst: Hacker verstecken Schadcode in DNS-Einträgen
Angreifer zerlegen seit Jahren Malware in kleine Fragmente und betten sie in DNS-Records ein, um sie auf einem Zielsystem wieder zusammenzusetzen. First seen on golem.de Jump to article: www.golem.de/news/sicherheitstools-ausgetrickst-hacker-verstecken-schadcode-in-dns-eintraegen-2507-198191.html
-
Cloudflare Confirms BGP Hijack Behind 1.1.1.1 DNS Disruption
Cloudflare has revealed that a 62-minute global outage of its popular 1.1.1.1 DNS resolver service on July 14, 2025, was caused by an internal configuration error rather than an external attack, though the incident coincided with an unrelated BGP hijack that complicated the situation. The outage, which lasted from 21:52 UTC to 22:54 UTC, affected…
-
Elite ‘Matanbuchus 3.0’ Loader Spruces Up Ransomware Infections
An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/matanbuchus-loader-ransomware-infections
-
Hackers exploit a blind spot by hiding malware inside DNS records
Technique transforms the Internet DNS into an unconventional file storage system. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/