Security News
Payment processing firm Square says a widespread outage that took down a large part of the company's infrastructure last week was caused by a DNS issue. The 14-hour-long outage affected Square payment acceptance and other services and led to customers being unable to log into their accounts or process payments starting Thursday, around noon.
Infosec in brief Someone at Microsoft has some explaining to do after a messed up DNS record caused emails sent from Hotmail accounts Microsoft Outlook Hotmail accounts to be rejected and directed to spam folders overnight beginning Thursday. Microsoft support forum advisors confirmed that the issue was known, which was further confirmed by a look at the Office service status page.
Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. The email issues began late last night, with users and admins reporting on Reddit, Twitter, and Microsoft forums that their Hotmail emails were failing due to SPF validation errors.
A team of researchers from UC Irvine and Tsinghua University has developed a new powerful cache poisoning attack named 'MaginotDNS,' that targets Conditional DNS resolvers and can compromise entire TLDs top-level domains. The concept of DNS cache poisoning is injecting forged answers into the DNS resolver cache, causing the server to direct users who enter a domain to incorrect IP addresses, potentially leading them to malicious websites without their knowledge.
Whoever operates the toolkit did not cease activity after Infoblox announced their discovery and published a technical analysis showing that Decoy Dog was heavily based on the Pupy open-source post-exploitation remote access trojan. Some of the changes one Decoy Dog operator made after Infoblox's disclosure was to add a geofencing mechanism that limits responses from controller domains to DNS queries from IP addresses in specific regions.
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS tunneling.
The Chinese threat group 'ChamelGang' infects Linux devices with a previously unknown implant named 'ChamelDoH,' allowing DNS-over-HTTPS communications with attackers' servers. The link between ChamelGang and the new Linux malware is based on a domain previously associated with the threat actor and a custom privilege elevation tool observed by Positive Technologies in past ChamelGang campaigns.
A new enterprise-targeting malware toolkit called 'Decoy Dog' has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity. Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations.
Cloudflare research showed a "Massive spike" in application layer DDoS attacks in Q1 2022, while network layer attacks also jumped substantially. The DDoS attacks themselves are getting bigger, says Klaus Darilion, head of operations of the anycast service RcodeZero DNS, because the internet itself is getting bigger and attackers have more bandwidth to play with.
What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them? The DNS Abuse Techniques Matrix published by FIRST provides answers. Among its many special interest groups is the DNS Abuse SIG, which compiled the DNS Abuse Techniques Matrix.