Tag: dns
-
EU launches EU-based, privacy-focused DNS resolution service
DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality. What is DNS? The Domain Name System (DNS) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/09/eu-launches-eu-based-privacy-focused-dns-resolution-service/
-
Critical FreeRTOS-Plus-TCP Flaw Allows Code Execution or System Crash
A critical memory corruption vulnerability, tracked as CVE-2025-5688, has been disclosed in FreeRTOS-Plus-TCP, Amazon’s open-source TCP/IP stack widely used in embedded and IoT devices. The flaw, rated 8.4 (High) on the CVSS scale, is rooted in how the stack processes Link-Local Multicast Name Resolution (LLMNR) and Multicast DNS (mDNS) queries containing excessively long DNS names,…
-
Akamai Extends Cybersecurity Reach to DNS Posture Management
Akamai this week launched an agentless posture management offering that provides visibility across multiple domain name servers (DNS) platforms. Sean Lyons, senior vice president and general manager for infrastructure security solutions and services at Akamai, said Akamai DNS Posture Management provides real-time monitoring and guided remediation across all major DNS platforms and services in a..…
-
#Infosec2025: DNS Hijacking, A Major Cyber Threat for the UK Government
During Infosecurity Europe 2025, Nick Woodcraft, from the UK Government, shared his experience in implementing measures to protect domains within the .gov.uk DNS namespace First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2025-dns-hijacking-uk/
-
ThreatPlattformen ein Kaufratgeber
Tags: ai, attack, automation, breach, cisa, cloud, crowdstrike, cyber, cyberattack, dark-web, deep-fake, dns, edr, exploit, finance, firewall, gartner, identity, incident response, intelligence, mail, malware, monitoring, network, open-source, phishing, risk, siem, soar, soc, threat, tool, vulnerability, zero-dayThreat-Intelligence-Plattformen erleichtern es, Bedrohungen zu durchdringen und wirksame Abwehrmaßnahmen zu ergreifen.Der erste Schritt zu einem soliden Enterprise-Security-Programm besteht darin, eine geeignete Threat-Intelligence-Plattform (TIP) auszuwählen. Fehlt eine solche Plattform, haben die meisten Security-Teams keine Möglichkeit, Tool-Komponenten miteinander zu integrieren und angemessene Taktiken und Prozesse zu entwickeln, um Netzwerke, Server, Applikationen und Endpunkte abzusichern. Aktuelle Bedrohungstrends machen…
-
Unmasking ECH: Why DNSthe-Root-of-Trust Holds the Key to Secure Connectivity
Encrypted Client Hello (ECH) has been in the news a lot lately. For some background and relevant and recent content, see: IETF Proposed Standard Cloudflare Blog from 2023 announcing ECH support RSA 2025 talk: ECH: Hello to Enhanced Privacy or Goodbye to Visibility? Corrata White Paper “Living with ECH” Security Now podcast coverage of the…
-
‘Secure email’: A losing battle CISOs must give up
End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
-
60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details
A Socket’s Threat Research Team has revealed a sophisticated and ongoing campaign targeting the npm ecosystem, involving 60 malicious packages published under three distinct accounts: bbbb335656, cdsfdfafd49Group2436437, and sdsds656565. First detected just eleven days ago, with the latest package appearing mere hours before this report, these packages embed a covert script that activates during the…
-
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.The packages, published under three different accounts, come with an install”‘time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a…
-
Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets
Tags: attack, cve, cyber, data-breach, dns, exploit, identity, infrastructure, vulnerability, zero-trustA new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research, conducted in a controlled lab environment, highlights a sophisticated attack chain targeting BIND DNS servers using a known vulnerability, CVE-2025-40775, rated as High severity with…
-
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND DNS server process) to terminate unexpectedly with an assertion failure when specific queries were processed with certain features enabled. The vulnerability, disclosed in BIND 9.18.24 release…
-
Scammers Troll DNS Records for Abandoned Cloud Accounts
‘Hazy Hawk’ Behind a Rash of Domain Hijackings. A hacking group with apparent access to a commercial domain name system archiving service is on the hunt for misconfigured records of high-reputation organizations in order to blast links to scammy domains. It checks the CNAME field of DNS records to see if it points to an…
-
Misconfigured DNS, neglected cloud assets harnessed in Hazy Hawk domain hijacking attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/misconfigured-dns-neglected-cloud-assets-harnessed-in-hazy-hawk-domain-hijacking-attacks
-
Ransomware-Bande BlackBasta hat neuen Malware-Favoriten
Modularität für verschiedene Zwecke: Die Malware Skitnet verfügt über separate Plug-ins umAnmeldeinformationen zu sammeln,Berechtigungen auszuweiten,sich im Netzwerk lateral zu bewegen undRansomware bereitzustellen.Sie nutzt die Programmiersprachen Rust und Nim, um eine verdeckte Reverse Shell über das DNS-Protokoll zu realisieren. Dadurch ist eine unauffällige C2-Kommunikation möglich.Zusätzlich verwendet Skitnet Verschlüsselung, manuelles Mapping und dynamische API-Auflösung, um nicht entdeckt…
-
Forscher warnen: Cybergang kapert Domains großer Konzerne und Behörden
Tags: dnsFalsch konfigurierte DNS-Einträge können fatale Folgen haben. Cyberkriminelle nutzen diese aus, um Besucher prominenter Webseiten zu betrügen. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-cybergang-kapert-domains-grosser-konzerne-und-behoerden-2505-196411.html
-
Hazy Hawk Targets DNS Vulnerabilities to Hijack Cloud Resources and Spread Malware
The threat actor gained attention in February 2025 after successfully hijacking a subdomain of the U.S. Centers for Disease Control and Prevention (CDC). Sophisticated threat actor dubbed >>Hazy Hawk
-
Threat intelligence platform buyer’s guide: Top vendors, selection advice
Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
-
Poor DNS hygiene is leading to domain hijacking
Tags: attack, authentication, ciso, cloud, control, credentials, detection, dns, email, exploit, incident response, intelligence, threat, toolDNS hijacking comes in many forms: DNS hijacking comes in many forms. In 2019, CSO inteviewed Paul Vixie, a DNS system contributor, about the need to strengthen security. We later wrote about the problem of abandoned domain names. And things haven’t changed a lot since then. Most CISOs may be familiar with typosquatting, where “firm.com”…
-
Poor DNS hygiene is leading to domain hijacking: Report
Tags: attack, authentication, ciso, cloud, control, credentials, detection, dns, email, exploit, incident response, intelligence, threat, toolDNS hijacking comes in many forms: DNS hijacking comes in many forms. In 2019, CSO inteviewed Paul Vixie, a DNS system contributor, about the need to strengthen security. We later wrote about the problem of abandoned domain names. And things haven’t changed a lot since then. Most CISOs may be familiar with typosquatting, where “firm.com”…
-
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records.The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes),…
-
Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains
A threat actor named ‘Hazy Hawk’ has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hazy-hawk-gang-exploits-dns-misconfigs-to-hijack-trusted-domains/
-
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec… First seen on hackread.com Jump to article: hackread.com/hazy-hawk-attack-abandoned-cloud-assets-since-2023/
-
Skitnet malware: The new ransomware favorite
Tags: access, api, awareness, cybersecurity, data, detection, dns, encryption, malware, phishing, powershell, programming, ransomware, risk, rust, tool, trainingMalware employs advanced obfuscation: According to a Prodaft description, Skitnet uses Rust and Nim programming languages to execute a stealthy reverse shell over DNS, which is a method of covert C2 Communication using the DNS protocol instead of HTTP or other typical channels.Additionally, the malware leverages encryption, manual mapping, and dynamic API resolution to evade…
-
Dynamic DNS Emerges as Go-to Cyberattack Facilitator
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator
-
FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates
FrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data… First seen on hackread.com Jump to article: hackread.com/frigidstealer-malware-macos-fake-safari-browser-update/
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Abuse takes its “toll” on .top: But who is paying the price?
Despite ICANN issuing a formal notice to .top citing a breach of contract for failing to address DNS abuse, the situation has not improved. Over the last six months, abuse of .top hasn’t just persisted, it’s gotten 50% worse! So, why is this happening, and what can be done to stop it? First seen on…
-
Nmap 7.96 Released with Enhanced Scanning Capabilities and Updated Libraries
The popular network mapping and security auditing tool Nmap has released version 7.96, featuring a host of significant improvements. This latest version introduces parallel forward DNS resolution for dramatically faster hostname scanning, upgraded core libraries, new scripting capabilities, and enhanced compatibility across platforms, especially for Windows users. One of the headline features in Nmap 7.96…
-
Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts
The Nmap Project has officially launched the highly anticipated Nmap 7.96, bringing a wealth of new features, performance upgrades, and bug fixes to the popular network scanning tool. As a fundamental utility for network discovery and security auditing, Nmap has been a go-to solution for security professionals, and version 7.96 makes it even more powerful.…