Security News

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer that modifies DNS settings on vulnerable WiFi routers to spread the infection to other devices. O/XLoader Android malware that detects vulnerable WiFi routers based on their model and changes their DNS. The malware then creates an HTTP request to hijack a vulnerable WiFi router's DNS settings, causing connected devices to be rerouted to malicious web pages hosting phishing forms or dropping Android malware.

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. According to Cybernews, last year 20 million emails and other personal data like location & legal information were stolen via VPN. DNS Security Explained.

Russian retail chain 'DNS' disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. While the firm has not provided details on what information was compromised, it clarified that the hackers didn't steal user passwords and payment card data, as that data isn't stored on their systems.

Akamai's security research team examined potentially compromised devices, discovering that 12.3% communicated with domains associated with malware or ransomware during Q2 2022. This Help Net Security video uncovers how malicious DNS traffic affects people on the other end of the internet connection.

Google on Tuesday officially announced support for DNS-over-HTTP/3 for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS, which was incorporated into the mobile operating system with Android 9.0.

Google has added support for the DNS-over-HTTP/3 protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance. Roid previously supported DNS-over-TLS for version 9 and later to bolster DNS query privacy, but this system inevitably slowed down DNS requests due to the encryption overhead. Moreover, DoT requires a complete renegotiation of the new connection when changing networks.

Often we see stories about cyber attacks that breached an organisations' security parameters, and advice on how we can protect against future threats. What is often missed, is just how these threat actors managed to breach a system, and as such, the fact that the Domain Name System probably played a very large role in the attacker's entry point.

"The new malware is a.NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week. "The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements."

NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. A recent analysis by Zscaler presents a new DNS backdoor based on the DIG.net open-source tool to carry out "DNS hijacking" attacks, execute commands, drop more payloads, and exfiltrate data.