Tag: dns
-
Dynamic DNS Abuse Helps Threat Actors Evade Detection and Persist
Threat actors exploit Dynamic DNS for resilient C2 networks. Learn why DDNS abuse matters and how defenders can respond. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/dns-abuse-fuels-cyber-attacks/
-
Threat Actors Exploiting Dynamic DNS Providers for Malicious Activity
Cybersecurity researchers have identified a growing trend where threat actors are increasingly exploiting Dynamic DNS providers to host malicious infrastructure, posing significant risks to enterprise organizations worldwide. Dynamic DNS providers, also known as publicly rentable subdomain providers, have become attractive targets for malicious actors due to their accessibility and limited regulatory oversight. These services essentially…
-
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility.”Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade,” Infoblox said…
-
TDL 005 – A Defender’s Journey: From Passion Project to Protecting Children Online
Tags: access, business, control, corporate, country, cyber, cybersecurity, data-breach, defense, dns, encryption, endpoint, finance, github, government, group, guide, identity, Internet, jobs, microsoft, network, open-source, privacy, risk, service, technology, tool, zero-trustSummary A Defender’s Journey: From Passion Project to Protecting Children Online In a recent episode of “The Defender’s Log,” host David Redekop sat down with cybersecurity expert Will Earp to discuss his unconventional path into the industry and his current mission-driven career. Earp, a self-proclaimed “tinkerer” from a young age, shared how his early fascination…
-
Technical Analysis of Zloader Updates
Tags: access, attack, banking, cloud, communications, control, corporate, data, data-breach, detection, dns, encryption, malware, network, ransomware, strategy, threat, update, windowsIntroductionZloader (a.k.a. Terdot, DELoader, or Silent Night) is a Zeus-based modular trojan that emerged in 2015. Zloader was originally designed to facilitate banking, but has since been repurposed for initial access, providing an entry point into corporate environments for the deployment of ransomware. Following an almost two-year hiatus, Zloader reemerged in September 2023 with significant enhancements…
-
New Botnet Exploits Simple DNS Flaws That Leads to Massive Cyber Attack
Cybersecurity researchers have uncovered a sophisticated Russian botnet operation that leveraged DNS misconfigurations and compromised MikroTik routers to deliver malware through massive spam campaigns. The discovery reveals how threat actors exploited simple DNS errors to bypass email security protections and distribute malicious payloads on a global scale. The investigation began in November 2024 when researchers…
-
How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381
Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed. In this blog, we explain in detail how we discovered this patch bypass in this widely used open source tool. The vulnerability is now fully patched. Key takeaways Tenable Research discovered that the initial patch for a high-severity…
-
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS VPN lifetime access, a 66% savings. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/getflix-smart-dns-vpn/
-
CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1.2.0 onward and was patched in version 1.12.4, as per a report by Researcher…
-
Attackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCD
A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git accounts. Why Target ArgoCD and Kubernetes? In 2025, data exfiltration attacks are a major threat in…
-
Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
The three certificates were issued in May but only came to light Wednesday. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/
-
Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet
The three certificates were issued in May but only came to light Wednesday. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/
-
MystRodX: Weaponizing DNS and ICMP for Data Theft
A sophisticated backdoor, MystRodX, that exploits DNS and ICMP protocols to stealthily activate and exfiltrate data from compromised systems. Deployed via a dropper disguised as a Mirai variant, MystRodX remained undetected for over 20 months by hiding its activation logic within network packet payloads. Security researchers have uncovered a MystRodX supports both active and passive…
-
Hijacked by RapperBot: Devices Exploited for Instant DDoS Attacks
A newly uncovered variant of the notorious RapperBot malware is covertly commandeering internet-connected devices”, particularly outdated network video recorders (NVRs)”, and transforming them into a powerful distributed denial-of-service (DDoS) army in mere moments. Security researchers have detailed a sophisticated exploit chain that leverages zero-day vulnerabilities, outdated firmware, and alternative DNS infrastructures to orchestrate attacks exceeding…
-
Hijacked by RapperBot: Devices Exploited for Instant DDoS Attacks
A newly uncovered variant of the notorious RapperBot malware is covertly commandeering internet-connected devices”, particularly outdated network video recorders (NVRs)”, and transforming them into a powerful distributed denial-of-service (DDoS) army in mere moments. Security researchers have detailed a sophisticated exploit chain that leverages zero-day vulnerabilities, outdated firmware, and alternative DNS infrastructures to orchestrate attacks exceeding…
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems.”MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management,” QiAnXin XLab said in a report published last week. “Compared to typical…
-
KI als Cybercrime-Copilot
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
KI als Cybercrime-Copilot
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
KI greift erstmals autonom an
Tags: ai, business, ciso, cyberattack, cybercrime, dns, group, injection, intelligence, malware, openai, ransomware, RedTeam, sans, strategy, threat, toolDas KI-gestützte Entwickler-Tool Claude Code hat einem Cyberkriminellen dabei geholfen, in Netzwerke einzudringen.CISOs und Sicherheitsentscheider rechnen schon seit längerem damit, dass Cyberangriffe nicht mehr von Menschen mit KI-Tools, sondern von KI-Systemen selbst ausgehen. Diese Befürchtung hat sich nun mit neuen Forschungserkenntnissen bestätigt. So offenbart Anthropics aktueller Threat Intelligence Report , dass das KI-gestützte Entwickler-Tool Claude…
-
Anthropic detects the inevitable: genAI-only attacks, no humans involved
Tags: ai, attack, business, ciso, control, cybercrime, cybersecurity, defense, dns, infrastructure, injection, intelligence, malicious, malware, open-source, openai, RedTeam, threat, tool, warfarenot find.”There is potentially a lot of this activity we’re not seeing. Anthropic being open about their platform being used for malicious activities is significant, and OpenAI has recently shared the same as well. But will others open up about what is already likely happening?” Brunkard asked. “Or maybe they haven’t shared because they don’t…
-
Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under…
-
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen
Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trustSummary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
-
BSidesSF 2025: WHOIS Your Daddy: Tracking Iranian-Backed Cyber Operations With Passive DNS
Creator, Author and Presenter: Austin Northcutt Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
IETF Draft suggests making IPv6 standard on DNS resolvers – partly to destroy IPv4
Tags: dnsDragging DNS into the modern age. And if that means fewer people need to buy IPv4, so much the better First seen on theregister.com Jump to article: www.theregister.com/2025/08/20/ietf_dnsop_3901bis_ipv4_ipv6/
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
-
What is a CISO? The top IT security leader role explained
Tags: access, authentication, breach, business, ceo, cio, cisa, ciso, compliance, computer, container, control, corporate, credentials, cyber, cybersecurity, data, ddos, defense, dns, encryption, exploit, finance, firewall, framework, fraud, guide, Hardware, healthcare, infosec, infrastructure, intelligence, international, jobs, kubernetes, mitigation, msp, mssp, network, nist, programming, RedTeam, regulation, risk, risk-management, security-incident, service, skills, software, strategy, technology, threat, training, vpn, zero-day, zero-trust. You’ll often hear people say the difference between the two is that CISOs focus entirely on information security issues, while a CSOs remit is wider, also taking in physical security as well as risk management.But reality is messier. Many companies, especially smaller ones, have only one C-level security officer, called a CSO, with IT…