Security News
DNS tunneling is the encoding of data or commands that are sent and retrieved via DNS queries, essentially turning DNS, a fundamental network communication component, into a covert communications channel. Hackers commonly use DNS tunneling to bypass network firewalls and filters, employing the technique for command and control and Virtual Private Network operations.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. As Mullvad found out while investigating the issue spotted on April 22, an Android bug leaks some DNS information even when these features are enabled on the latest OS version.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. Enabling the "Block Connections Without VPN" option ensures that ALL network traffic and connections pass through the always-connected VPN tunnel, blocking prying eyes from monitoring the users' web activity.
Discovered by Infoblox, the activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems. Muddling Meerkat manipulates DNS queries and responses by targeting the mechanism by which resolvers return the IP addresses.
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and...
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds. “Savvy Seahorse is a DNS threat actor who...
A threat actor named Savvy Seahorse is abusing CNAME DNS records Domain Name System to create a traffic distribution system that powers financial scam campaigns. Using DNS CNAME records as a TDS. Savvy Seahorse creatively uses Canonical Name records as a Traffic Distribution System for its operations, allowing threat actors to easily manage changes, such as performing IP rotation that enhances detection evasion.
A serious vulnerability named KeyTrap in the Domain Name System Security Extensions feature could be exploited to deny internet access to applications for an extended period. It allows a remote attacker to cause a long lasting denial-of-service condition in vulnerable resolvers by sending a single DNS packet.
A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS packet can take out a remote DNSSEC server.
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. A bug in this feature caused DNS requests of users not to be directed to ExpressVPN's infrastructure, as they should, but to the user's internet service provider.