#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

dns-over-https | Breaking Cybersecurity News | The Hacker News

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Dec 08, 2023 Endpoint Security / Malware
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new  Trojan-Proxy  malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit goods," Kaspersky security researcher Sergey Puzan  said . The Russian cybersecurity firm said it found evidence indicating that the malware is a cross-platform threat, owing to artifacts unearthed for Windows and Android that piggybacked on pirated tools. The macOS variants propagate under the guise of legitimate multimedia, image editing, data recovery, and productivity tools. This suggests that users searching for pirated software are the targets of the campaign. Unlike their genuine, unaltered counterparts, which are offered as disk image (.DMG) files, the rogue versions are delivered
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

Jun 16, 2023 Endpoint Security / Network Security
The threat actor known as  ChamelGang  has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed  ChamelDoH  by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS ( DoH ) tunneling. ChamelGang was  first outed  by Russian cybersecurity firm Positive Technologies in September 2021, detailing its attacks on fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan. Attack chains mounted by the actor have leveraged vulnerabilities in Microsoft Exchange servers and Red Hat JBoss Enterprise Application to gain initial access and carry out data theft attacks using a passive backdoor called DoorMe. "This is a native  IIS module  that is registered as a filter through which HTTP requests and responses are processed," Positive Technologies said at the time. "Its principle of operation is unusual: the back
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

Jan 16, 2021
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's  new guidance . Proposed in 2018,  DoH  is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting. Even worse, the
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

Feb 25, 2020
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider. As you may know, DNS-over-HTTPS (DoH) protocol performs DNS lookups — i.e., finding the server I.P. address of a certain domain name — over an encrypted connection to a DNS server rather than sending queries in the plaintext. This privacy-focused technology makes it harder for man-in-the-middle attackers, including your ISPs, to manipulate DNS queries, eavesdrop on your Internet connection, or learning what sites you visit. "This helps hide your browsing history from attackers on the network,
Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Sep 11, 2019
Immediately after Mozilla announced its plan to soon enable ' DNS over HTTPS ' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, ' DNS over HTTPS ' performs DNS lookups—finding the server IP address of a certain domain name—over an encrypted HTTPS connection to a DNS server, rather than sending DNS queries in plaintext. The protocol that sends DNS queries over secure HTTPS connections has specifically been designed to prevent miscreants from interfering with domain name lookups, eventually stopping network observers, including your ISPs and attackers, from figuring out what sites you visit. Though the privacy-focused technology is also helpful in preventing attackers from redirecting unsuspecting visitors to phishing and malware sites, DNS over HTTPS could also bring its own new challenges to the enterprise security so
Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security

Jan 10, 2019
Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com). Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks. To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections. The DNS-over-TLS has been designed to make it harder for man-in-the-middle attackers to manipulate the DNS query or eavesdrop on your Internet connection. Launched over eight years ago, Google Public DNS, at IP addresses 8.8.8.8 and 8.8.4.4, is world's largest public Domai
Cybersecurity Resources