DNS hijacking | Breaking Cybersecurity News | The Hacker News

The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services. The latest bad news is that the World's largest and most widely used Google's free public DNS (Domain name system) resolvers  raised   security red flags yesterday. DNS is the master address list for the Internet, which translates IP addresses into human readable form and vice versa. According to Internet monitoring firm BGPmon , Google's DNS server 8.8.8.8 /32 was hijacked yesterday for 22 minutes. The Google's DNS server handles around 150 billion queries a day and during the 22 minutes of hijacking, millions of Internet users, including Financial institutions , Governments were redirected to BT's (British multinational telecommunications services company) Latin America division in Venezuela and Brazil. It is suspected that Hackers exploited a well-known  vulnerability in the so-called Border Gateway Protocol ( BGP) , which

In past months, we have reported about critical vulnerabilities in many wireless Routers including Netgear, Linksys,  TP-LINK, Cisco, ASUS, TENDA and more vendors, installed by millions of home users worldwide. Polish Computer Emergency Response Team (CERT Polska) recently noticed a large scale cyber attack ongoing campaign aimed at Polish e-banking users. Cyber criminals are using known router vulnerability which allow attackers to change the router's DNS configuration remotely so they can lure users to fake bank websites or can perform Man-in-the-Middle attack. ' After DNS servers settings are changed on a router, all queries from inside the network are forwarded to rogue servers. Obviously the platform of a client device is not an issue, as there is no need for the attackers to install any malicious software at all. ' CERT Polska researchers said. That DNS Hijacking trick is not new, neither most of the router vulnerabilities are, but still millions of r

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

Till now we all have heard about the Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it. Emsisoft has detected a new piece of malware called " Linkup ", dubbed as " Trojan-Ransom.Win32.Linkup " that doesn't lock your computer or encrypts files; rather it blocks your Internet access by modifying the DNS settings, with the ability to turn your computer into a Bitcoin mining robot.  Sounds Interesting?? Once the Linkup Trojan is installed in your system, it makes a copy of itself and disables the selected Windows Security and Firewall services to facilitate the infection. Injected poisoned DNS Server will only allow the malware and Bitcoin miner to communicate with the internet. It display a bogus notification on the victim's web browser, which is supposed to be from the Council of Europe , that accuses you of viewing " Child Pornography " and only returns th

Google's primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar ( domain.tj ) authority has been hacked, that allows the hacker to access domain control panel. Server Kernel:  Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686 Iranian hacker ' Mr.XHat' successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told ' The Hacker News ' that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel. Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Following the screenshot of compromised Domain Registrar's Control Panel:

The Syrian Electronic Army (SEA) is at it again. The hacktivist group, who are known to back Syrian President Bashar al-Assad , has hacked many high profile Qatar based websites, including the Google, Facebook, Aljazeera and Government - Military websites. Starting at about 4:25 am (GMT 5:30+), the Syrian Electronic Army shared this message on Twitter: Qatar is #down and  following that, they went about switching off government and private websites using the .qa extension. The domains are managed by Qatar's Ministry of Information and Communication (ictQatar). Apparently, the Syrian Electronic Army gained access to  Qatar Domain Registrar ( portal.registry.qa ) and modifies the DNS entires to redirects the targeted websites to servers controlled by hackers serving defacement page, that include a picture of Assad and the groups logo, as shown. The List of the targeted websites is posted on Twitter by hackers - these include: moi . gov .qa facebook .qa gov .qa vodafone .qa a

A group of Pro-Palestine hackers ' KDMS Team ' today has been able to hijack the Metasploit website simply by sending a fax and hijacked their DNS records. Rapid7 is a leading Security Company and Creator of world's best penetration testing software called ' Metasploit '. The company confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com . The group came to prominence earlier this week when it managed to hijack the websites of popular messaging service WhatsApp and anti-virus company AVG among others. On the website, the hacker posted " Hello Metasploit.  After Whatsapp , Avira, Alexa , AVG and other sites. We were thinking about quitting hacking and disappear again! But we said: there is some sites must be hacked. You are one of our targets. Therefore we are here. And there is another thing do you know Palestine? " Rapid7 official statement regarding the in

Media companies including the New York Times, Twitter and the Huffington Post has been unavailable since Tuesday after the external malicious attack by a group of hackers supporting Syrian President Bashar Assad. For the second time this month, the New York Times' website has gone down. " The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT ," the Times wrote. In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website and read: " Hacked by SEA, Your server security is very weak ." It appears the domain name system (DNS) for NYTimes.com was rerouted, but can be found using its numerical Internet Protocol addresses, which is 170.149.168.130. The New York Times website has been restored just now, at least temporarily a

On Tuesday, The Foundation for Internet Domain Registration (.NL) in the Netherlands (SIDN) was compromised and some malicious files were uploaded to their server by hackers. According to a blog post ,  SQL injection vulnerability was used to compromise one of the website ( 25jaarvan.nl ) on same server initially, that allows hacker to temporarily access to the domain name registration system. " The DRS web application was shut down and zone file publication was temporarily suspended. ", company said. " As a result of our precautionary action, some areas of the website that registrars use to download registrarship-related data have been unavailable since Tuesday evening. " In another cyber attack on Tuesday, several Belgium websites was also got defaced by another group of hackers. Domain Registrar behind Belgium i.e DNS.be was compromised by attackers. The hackers were able to infiltrate and modify a DNS server, pointing all of the websites to

The LinkedIn became inaccessible for an hour last night. Few Hours before App.net co-founder Bryan Berg posted that LinkedIn DNS was hijacked but later LinkedIn confirmed that they suffered outage due to DNS issue, not Hack. DNS Hijacking is an unauthorized modification of a DNS server or change of DNS address that directs users attempting to access a web page to a different web page that looks the same, but contains extra content such as advertisements, is a competitor page, a malware page, or third-party search page. Bryan said," all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don't require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext ." LinkedIn tweeted " Our site is now recovering for some members. We determined it was a DNS issue, we're continuing to work on it. Thanks for your patience, " but provided no further details. LinkedIn DNS hacked

Algerian Hacker today hijack DNS Yahoo, Microsoft or Google and Paypal redirect users to a deface page. Credit being taken by Hacker going by name MCA-CRB , a serial website defacer. MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After Hijacking both domains resolve to an IP address located in the Netherlands," at 95.128.3.172 (server1.joomlapartner.nl). " When we heard about this incident, we were pretty skeptical about the attack. A site such as Google's can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack ," said Stefan Tanase from Kaspersky Lab Romania. " All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page ," Tanase said. Google