Search results for CloudFlare | Breaking Cybersecurity News | The Hacker News

A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv

A phishing-as-a-service (PhaaS) platform known as  Robin Banks  has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a  report  from cybersecurity company IronNet. Robin Banks was  first documented  in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services. It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on part of the malware authors to monetize initial access to corporate networks for post-exploitation activities such as espionage and ransomware. In recent months, Cloudflare's decision to blocklist its infrastruct

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. "Through the capture of exploit traffic, the attacker's IP address was identified, and it was determined that the attacks were occurring in multiple regions, including Central America, North America, East Asia, and South Asia," Fortinet FortiGuard Labs researcher Cara Lin  said . The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection bug affecting multiple firewall models that could potentially allow an unauthorized actor to execute arbitrary code by sending a specifically crafted packet to the targeted appliance. Last month, the Shadowserver Foundation  warned  that the flaw was being "actively exploited to build a Mirai-like botnet" at least since May 26, 2023, an indication of how abuse of  servers running unpatched software  is on the rise.

It seems like the prolonged downtime and technical difficulties faced by The Pirate Bay over the past several weeks were due to a series of distributed denial of service (DDoS) attacks against the widely-popular torrent website by malicious actors. For those unaware, The Pirate Bay was down for more than a week with most visitors displayed a Cloudflare error mentioning that a "bad gateway" is causing problems, while others served with a "database maintenance" message prompting users to check back in 10 minutes. Though the site's moderators did not reveal any details regarding the Pirate Bay downtime, a reputable source with a direct link with the operators told Torrent Freak that the recent Pirate Bay downtime issues "were likely caused by malicious actors who DDoSed the site's search engine with specially crafted search queries." The attacker(s) flooded The Pirate Bay with "searches that break the Sphinx search daemon," effecti

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years.  According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the new-disrupted  Glupteba botnet  as well as the infamous TrickBot malware were all distributed using the same command-and-control (C2) server. "The C2 server serves as a botnet-as-a-service controlling nearly 230,000 vulnerable MikroTik routers," Avast's senior malware researcher, Martin Hron,  said  in a write-up, potentially linking it to what's now called the Mēris botnet. The botnet is known to exploit a known vulnerability in the Winbox component of MikroTik routers ( CVE-2018-14847 ), enabling the attackers to gain unauthenticated, remote administrative access to any affected device. Parts of the Mēris botnet were  sinkholed  in late  September 2021 . "The  CVE-2018-

Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group over the past year to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution. Google TAG further said it worked with internet infrastructure providers and hosting providers, such as Cloudflare, to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains. In tandem, the internet giant also announced a lawsuit against two Russ

The threat actor known as  ChamelGang  has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed  ChamelDoH  by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS ( DoH ) tunneling. ChamelGang was  first outed  by Russian cybersecurity firm Positive Technologies in September 2021, detailing its attacks on fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan. Attack chains mounted by the actor have leveraged vulnerabilities in Microsoft Exchange servers and Red Hat JBoss Enterprise Application to gain initial access and carry out data theft attacks using a passive backdoor called DoorMe. "This is a native  IIS module  that is registered as a filter through which HTTP requests and responses are processed," Positive Technologies said at the time. "Its principle of operation is unusual: the back

DDoS attackers attempted to bring down an Banking services earlier this week using one of the largest Distributed denial of service attack using DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced  that it has successfully mitigated the largest DNS reflection attack ever recorded, which peaked at 167 Gigabits per second (Gbps). The company did not name the target of the digital assault. DNS-reflection was the attack method used in Operation Stophaus , an attack waged in March by The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam . When Spamhaus was assaulted by a vast 300Gbps peak DNS reflection attack, it engaged the help of a content delivery network (CDN) called CloudFlare to help defend itself. The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoof

The malware loader known as PikaBot is being distributed as part of a  malvertising   campaign  targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura  said . The malware family, which  first   appeared  in early 2023, consists of a loader and a core module that allows it to operate as a backdoor as well as a distributor for other payloads. This  enables  the threat actors to gain unauthorized remote access to compromised systems and transmit commands from a command-and-control (C2) server, ranging from arbitrary shellcode, DLLs, or executable files, to other malicious tools such as Cobalt Strike. One of the threat actors leveraging PikaBot in its attacks is  TA577 , a prolific cybercrime threat actor that has, in the past, delivered QakBot, IcedID, SystemBC, SmokeLoad

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting  X25519Kyber768  for establishing symmetric secrets in  TLS , starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien  said  in a post published Thursday. Kyber was  chosen  by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing.  Kyber-768  is roughly the security equivalent of  AES-192 . The encryption algorithm has already been adopted by  Cloudflare ,  Amazon Web Services , and IBM. X25519Kyber768 is a hybrid algorithm that combines the output of  X25519 , an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections. "Hybrid mechanism

Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix's website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the project maintainers used for signing packages. The cyber attack eventually forced the organization to shut down its entire production infrastructure for several hours and log all users out of Matrix.org. So, if you have an account with Matrix.org service and do not have backups of your encryption keys or were not using server-side encryption key backup, unfortunately, you will not be able to read your entire encrypted conversation history. Matrix is an open source end-to-end encrypted messaging protocol that allows anyone to self-host a messaging service on their own servers, powering

The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's  new guidance . Proposed in 2018,  DoH  is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting. Even worse, the

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview In 2023, the cybersecurity landscape witnessed a remarkable rise in cyberattacks.  One notable shift was the cyber risk integration with business risk, a concept gaining traction in boardrooms worldwide. As the magnitude of losses due to cyberattacks became evident, organizations started reevaluating their strategies.  Geopolitical factors played a significant role in shaping information security. The conflicts between nations like Russia and Ukraine had ripple effects, influencing the tactics of cybercriminals. It was a year where external factors intertwined with digital threats. Ran

A threat actor known as  Muddled Libra  is targeting the business process outsourcing (BPO) industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the release of the 0ktapus phishing kit, which offered a prebuilt hosting framework and bundled templates," Palo Alto Networks Unit 42  said  in a technical report. Libra is the constellation-themed  designation  given by the cybersecurity company for cybercrime groups. The "muddled" moniker for the threat actor stems from the prevailing ambiguity with regards to the use of the 0ktapus framework. 0ktapus , also known as Scatter Swine, refers to an intrusion set that first came to light in August 2022 in connection with smishing attacks against over 100 organizations, including Twilio and Cloudflare. Then in late 2022, CrowdStrike  detailed  a string of cyber assaults aimed

Russia has stepped up its censorship efforts in the country by fully blocking access to the Tor web anonymity service, coinciding with the  ban  of six virtual private network (VPN) operators, as the government continues its efforts to control the internet and crack down on attempts to circumvent locally imposed web restrictions. The Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor, the watchdog responsible for monitoring, controlling and censoring Russian mass media, announced the block, accusing it of enabling access to illegal content, Reuters  reported  this week. Russia  accounts  for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router,  enables  users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and protect their identities from the intern