Home Tags Domain Name System

Tag: Domain Name System

DDoS attacks abusing exposed LDAP servers on the rise

Each DDoS (distributed denial-of-service) attack seem to be larger than the last, and recent advisories from Akamai and Ixia indicate that attackers are stepping up their game.

As attackers expand their arsenal of reflection methods to target CLDAP ...

​Melbourne IT confirms DDoS attack behind DNS outage

Melbourne IT has said its DNS outage on Thursday was the result of a large distributed denial-of-service attack.

Forget the Tax Man: Time for a DNS Security Audit

Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.

DNS record will help prevent unauthorized SSL certificates

In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.[ Expand your security career horizons with these essential certifications for smart security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain.

The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.To read this article in full or to leave a comment, please click here

Clean up your DNS act or get pwned like this bank

An organization’s domain name may be its most important asset, and losing control over it affects more than its website.

For a large Brazilian bank, a domain hijacking operation last fall resulted in attackers stealing payment card data, taking over customer accounts, and infecting customers with malware.While the actual bank heist began on Oct. 22, 2016, at around 1 p.m., the preparations for the attack were underway at least five months in advance, said Kaspersky Lab researchers Fabio Assolini and Dmitry Bestuzhev at last week’s Security Analyst Summit.

The sophisticated cybercrime group gained access to the bank’s domain registrar and modified the Domain Name System (DNS) records for the bank’s all 36 online properties.To read this article in full or to leave a comment, please click here

Brazilians whacked: Crooks hijack bank’s DNS to fleece victims

Usernames, passwords swiped for hours, malware dropped on PCs Rather than picking off online banking customers one by one, ambitious hackers took control of a Brazilian bank's entire DNS infrastructure to rob punters blind.…

Lessons From Top-to-Bottom Compromise of Brazilian Bank

Hackers pulled off a stunning compromise of a Brazilian bank’s operations, gaining control of each of the bank’s 36 domains, corporate email and DNS.

Cybercriminals Seized Control of Brazilian Bank for 5 Hours

Sophisticated heist compromised major bank's entire DNS infrastructure.

Pushing apps to the edge, Fly.io puts middleware in the cloud

New service puts logic closer to users, aims to be "global load balancer" for apps.

The cost of launching a DDoS attack

Almost anyone can fall victim to a DDoS attack.

They are relatively cheap and easy to organize, and can be highly effective if reliable protection is not in place.

Based on analysis of the data obtained from open sources, we managed to find out the current cost of a DDoS attack on the black market. We also established what exactly the cybercriminals behind DDoS attacks offer their customers.

DNS lookups can reveal every web page you visit, says German...

The fix is simple: turn your modem on and off again to get a new IP address. Or ask your ISP to assign them more often Domain-name lookups only tell you site visits, not pages viewed, right? Wrong: the interaction between a user and the Domain Name System is more revealing than previously believed, according to a paper from German postdoc researcher Dominik Herrmann.…

Debunking 5 Myths About DNS

From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.