Cyberattack

Cyberattack / Featured Blogs

The xz liblzma Vulnerability

Apr 09, 2024

On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more

A Brief Primer on Anti-Satellite Warfare Tactics

Feb 19, 2024

Satellites make it possible for governments to provide essential services, such as national defense, navigation, and weather forecasting. Private ventures use satellites to offer highly desired services that include video program distribution, telecommunications, and Internet access. The Russian launch of a satellite, with nuclear power and the likely ability to disable satellites, underscores how satellites are quite vulnerable to both natural and manmade ruin. more

Microsoft’s Size Means Malicious Cyber Actors Thrive

Feb 19, 2024

Last month, the Russian state-sponsored hacking group "Midnight Blizzard" gained access to the email accounts of Microsoft leadership, even exfiltrating documents and messages. The group reportedly used a simple brute-force style attack to access a forgotten test account and then exploited the permissions on that account to access the emails of employees in the cybersecurity and legal teams. more

Challenges in Measuring DNS Abuse

Nov 02, 2023

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more

The Causes of Network Outages: Underlying Causes, Growing Threats and Industry Implications

Sep 06, 2023

The Uptime Institute (UI) is an IT industry research firm best known for certifying that data centers meet industry standards. UI issues an annual report that analyzes the cause of data center outages. The causes for data center outages are relevant to the broadband industry because the same kinds of issues shut down switching hubs and Network Operations Centers. more

How You Can Be Hijacked Without Actually Being Hacked

May 01, 2023

Unsuspecting website visitors are often unaware when they have landed on a spoofed page or are re-directed to malware-hosting web servers designed to steal their sensitive data and information. This attack is known as subdomain hijacking, or subdomain takeover. A web user's private information is then traded on the dark web, and cybercriminals profit, further fueling the expansion of identity theft in the online world. more

Risk vs Benefit: The Impact of Shorter 90-Day SSL Certificate Life Cycles

Apr 10, 2023

In today's digital age, securing your website and ensuring your users' safety has never been more critical. Secure sockets layer (SSL) certificates are the go-to solution for securing websites by encrypting the data transmitted between web servers and browsers. Historically, SSL digital certificates could be valid for years, after which they had to be renewed or replaced.  more

OARC-40: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

Mar 10, 2023

OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ... more

Brand Impersonation Online is a Multidimensional Cybersecurity Threat

Feb 22, 2023

Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement... more

DNSAI Compass: Six Months of Measuring Phishing and Malware

Feb 16, 2023

The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement. more

Industry Updates

Uncovering Suspicious Download Pages Linked to App Installer Abuse

On the DNS Trail of the Rise of macOS Backdoors

Checking Out the DNS for More Signs of ResumeLooters

WhoisXML API Publishes a New Study of 7 APT Groups That Have Targeted North America

Searching for Potential Propaganda Vehicle Presence in the DNS

Following the VexTrio DNS Trail

DarkGate RAT Comes into the DNS Spotlight

Tracing Ivanti Zero-Day Exploitation IoCs in the DNS

The New RisePro Version in the DNS Spotlight

Tracking Down Sea Turtle IoCs in the DNS Ocean

Tracing the DNS Spills of the OilRig Cyber Espionage Group

Uncloaking the Underbelly of JinxLoader

Examining the Mirai.TBOT IoCs under the DNS Microscope

A Deep Dive into 6 APT Groups Based in or Targeting APAC

Exploring Epsilon Stealer Traces Aided by DNS Intel

View More