A multistage remote access trojan (RAT), known as ZuoRAT, has been specifically developed to attack small office/home office (SOHO) routers. These devices have been more frequently used for work since the increase in home-working in 2020 due to the Covid-19 global pandemic. It is suspected that this attack has been going undetected for the pastRead more
Blog
SAD DNS is a protocol level vulnerability in the DNS system. Microsoft has published a new security advisory which offers a mitigation to protect your DNS systems from spoofing or poisoning. If an attacker is able to successfully exploit the SAD DNS vulnerability (CVE-2020-25705), it will be possible to spoof a DNS packet which isRead more
An award winning security paper published this week explains a newly discovered vulnerability called SAD DNS which leaves many websites vulnerable to man-in-the-middle and impersonation attacks. DNS is the system that converts friendly website addresses (www.secureteam.co.uk) into the numeric IP addresses used by TCP/IP. SAD DNS is a flaw discovered in the DNS protocol whichRead more
Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flawRead more
The UK National Cyber Security Centre published an advisory this week regarding the ongoing and increasing risk of DNS hijacking. DNS is the system that converts domain names to IP addresses allowing the world wide web to function. Its architecture is designed to be distributed in order to be resilient and stable. This distributed andRead more
Checkpoint research have published an interesting demonstration of hacking a customer account for an EA online game by chaining together a series of conventional attacks including social engineering, phishing and session high-jacking. What makes this demonstration noteworthy is the use of poor DNS hygiene in order to take control of a subdomain of EA.com. ForRead more
A wave of DNS hijack attacks has been sweeping across Europe, the Middle-East and America according to recently published reports from FireEye and Cisco. While the attacks are creative and sophisticated, the root attack vector is often a simple credential compromise to the DNS control panel of an organisation’s domain name registrar. The scale ofRead more
Recent Comments