Home Tags Domain Name

Tag: Domain Name

DDoS attacks abusing exposed LDAP servers on the rise

Each DDoS (distributed denial-of-service) attack seem to be larger than the last, and recent advisories from Akamai and Ixia indicate that attackers are stepping up their game.

As attackers expand their arsenal of reflection methods to target CLDAP ...

DNS record will help prevent unauthorized SSL certificates

In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.[ Expand your security career horizons with these essential certifications for smart security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain.

The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.To read this article in full or to leave a comment, please click here

Clean up your DNS act or get pwned like this bank

An organization’s domain name may be its most important asset, and losing control over it affects more than its website.

For a large Brazilian bank, a domain hijacking operation last fall resulted in attackers stealing payment card data, taking over customer accounts, and infecting customers with malware.While the actual bank heist began on Oct. 22, 2016, at around 1 p.m., the preparations for the attack were underway at least five months in advance, said Kaspersky Lab researchers Fabio Assolini and Dmitry Bestuzhev at last week’s Security Analyst Summit.

The sophisticated cybercrime group gained access to the bank’s domain registrar and modified the Domain Name System (DNS) records for the bank’s all 36 online properties.To read this article in full or to leave a comment, please click here

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs...

Chrome to immediately stop recognizing EV status and gradually nullify all certs.

DNS lookups can reveal every web page you visit, says German...

The fix is simple: turn your modem on and off again to get a new IP address. Or ask your ISP to assign them more often Domain-name lookups only tell you site visits, not pages viewed, right? Wrong: the interaction between a user and the Domain Name System is more revealing than previously believed, according to a paper from German postdoc researcher Dominik Herrmann.…

Debunking 5 Myths About DNS

From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.

After NSA hacking exposé, CIA staffers asked where Equation Group went...

CIA hackers wasted no time analyzing the blunders made by their NSA counterparts.

Failing to secure DNS is ‘savage ignorance’: Geoff Huston

The domain name system is everything, says APNIC's chief scientist.
If you're not securing it, that's 'pathetic'.

Researchers uncover PowerShell Trojan that uses DNS queries to get its...

Delivered by "secure" Word doc, pure PowerShell malware fetches commands from DNS TXT records.

High Severity BIND Vulnerability Can Lead to A Crash

The Internet Systems Consortium patched the BIND domain name system this week, addressing a remotely exploitable vulnerability it said could lead to a crash.

Leave Spicer alone! (Or, why DNS registration is horrible)

He registered domains years ago, leaving personal data exposed—like lots of people.

DDoS attacks in Q4 2016

2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, attack scale and impact on our daily life.
In fact, the year ended with massive DDoS attacks unseen before, leveraging Mirai botnet technology.