DMV.Community

24 posts22 participants1 post today

Andreas Klopsch🔍 Exploring Domain Generation Algorithms (DGAs) in Malware 🔍Domain Generation Algorithms (DGAs) enable malware to change its domain dynamically. Below is an article I wrote years ago, which explains the difference between seed based and dictionary based algorithms.<a href="https://malwareandstuff.com/dgas-generating-domains-dynamically/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://malwareandstuff.com/dgas-generating-domains-dynamically/</a><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/dga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dga</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Chad :vbike:Upgraded all four of my pihole instances to v6. They’re working perfectly!I love how a bunch of the “advanced” settings are now available from the UI. It makes initial set up so much easier.<a href="https://vault37.xyz/tags/pihole" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pihole</a> <a href="https://vault37.xyz/tags/pihole6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pihole6</a> <a href="https://vault37.xyz/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhost</a> <a href="https://vault37.xyz/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosted</a> <a href="https://vault37.xyz/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhosting</a> <a href="https://vault37.xyz/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://vault37.xyz/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Quad9DNSOur Quad9 documentation is now also available in <a href="https://mastodon.social/tags/Romanian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Romanian</a> (<a href="https://docs.quad9.net/ro/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://docs.quad9.net/ro/</a>) thanks to the help of our friend, Toma Minea (<a href="https://www.linkedin.com/in/toma-minea-86900582/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.linkedin.com/in/toma-minea-86900582/</a>).<a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

OTX BotPhaaS actor uses DoH and DNS MX to dynamically distribute phishingInfoblox discovered a phishing kit that creatively employs DNS mail exchange (MX) records to dynamically serve fake, tailored, login pages, spoofing over 100 brands.Pulse ID: 67eaf35a20355ae846b8269d Pulse Link: <a href="https://otx.alienvault.com/pulse/67eaf35a20355ae846b8269d" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67eaf35a20355ae846b8269d</a> Pulse Author: AlienVault Created: 2025-03-31 19:56:09Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

OTX BotPulling the Threads on the Phish of Troy HuntA sophisticated phishing attack targeted Troy Hunt, compromising his Mailchimp account. The analysis reveals connections to the Scattered Spider group through domain pivoting. Using Validin's DNS, host response, and registration data, dozens of related domain names were uncovered. The investigation exposed a fake Cloudflare turnstile and bogus registration details. Pivoting on various features led to the discovery of multiple related domains and IP addresses. The attack's tactics strongly resemble those of Scattered Spider, including the reuse of previously used domains. The findings demonstrate the power of Validin's databases for uncovering adversary infrastructure and strengthening threat intelligence.Pulse ID: 67e848f9c64772d54fd7164b Pulse Link: <a href="https://otx.alienvault.com/pulse/67e848f9c64772d54fd7164b" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67e848f9c64772d54fd7164b</a> Pulse Author: AlienVault Created: 2025-03-29 19:24:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RAT</a> <a href="https://social.raytec.co/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScatteredSpider</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a>-as-a-service operation uses DNS-over-HTTPS for evasion<a href="https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/</a><a href="https://mastodon.thenewoil.org/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.thenewoil.org/tags/DoH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DoH</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

StomataCan you explain DNS to a 5 year old kid? Asking for a friend 🙂 <a href="https://social.linux.pizza/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://social.linux.pizza/tags/askfedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#askfedi</a>

Infoblox Threat IntelMalicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware. Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments. One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records. Block these:user2ilogon[.]es viewer-ssa-gov[.]es wellsffrago[.]com nf-prime[.]com deilvery-us[.]com wllesfrarqo-home[.]com nahud[.]com. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/ssa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssa</a>

OTX BotDNS MX Records used to create Fake Logins for 100+ BrandsHackers has used DNS MX records to create phishing pages that mimic login pages of over 100 brands.Pulse ID: 67e7f17048cfce198f615d3e Pulse Link: <a href="https://otx.alienvault.com/pulse/67e7f17048cfce198f615d3e" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67e7f17048cfce198f615d3e</a> Pulse Author: cryptocti Created: 2025-03-29 13:11:12Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mimic</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptocti</a>

Terence Eden🆕 blog! “How to prevent Payment Pointer fraud”There's a new Web Standard in town! Meet WebMonetization - it aims to be a low effort way to help users passively pay website owners.The pitch is simple. A website owner places a single new line in their HTML's <head> - something like this:<link rel="monetization"…👀 Read more: <a href="https://shkspr.mobi/blog/2025/03/how-to-prevent-payment-pointer-fraud/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://shkspr.mobi/blog/2025/03/how-to-prevent-payment-pointer-fraud/</a> ⸻ <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://mastodon.social/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTML</a> <a href="https://mastodon.social/tags/standards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#standards</a> <a href="https://mastodon.social/tags/WebMonitization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebMonitization</a>

Esk 🐌⚡💜howdy, <a href="https://hachyderm.io/tags/hachyderm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hachyderm</a>!over the last week or so, we've been preparing to move hachy's <a href="https://hachyderm.io/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> zones from <a href="https://hachyderm.io/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> route 53 to bunny DNS.since this could be a pretty scary thing -- going from one geo-DNS provider to another -- we want to make sure *before* we move that records are resolving in a reasonable way across the globe.to help us to do this, we've started a small, lightweight tool that we can deploy to a provider like bunny's magic containers to quickly get DNS resolution info from multiple geographic regions quickly. we then write this data to a backend S3 bucket, at which point we can use a tool like <a href="https://hachyderm.io/tags/duckdb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#duckdb</a> to analyze the results and find records we need to tweak to improve performance. all *before* we make the change.then, after we've flipped the switch and while DNS is propagating -- :blobfoxscared: -- we can watch in real-time as different servers begin flipping over to the new provider.we named the tool hachyboop and it's available publicly --> <a href="https://github.com/hachyderm/hachyboop" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/hachyderm/hachyboop</a>please keep in mind that it's early in the booper's life, and there's a lot we can do, including cleaning up my hacky code. :blobfoxlaughsweat: attached is an example of a quick run across 17 regions for a few minutes. the data is spread across multiple files but duckdb makes it quite easy for us to query everything like it's one table.<a href="https://hachyderm.io/tags/sre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sre</a> <a href="https://hachyderm.io/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devops</a> <a href="https://hachyderm.io/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://hachyderm.io/tags/infrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infrastructure</a>

Infoblox Threat IntelWe published a blog yesterday about a PhaaS and phishing kit that employs DoH and DNS MX records to dynamically serve personalized phishing content. It also uses adtech infrastructure to bypass email security and sends stolen credentials to various data collection spaces, such as Telegram, Discord, and email. <a href="https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/</a><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/doh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#doh</a> <a href="https://infosec.exchange/tags/mx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mx</a> <a href="https://infosec.exchange/tags/adtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adtech</a> <a href="https://infosec.exchange/tags/obfuscation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#obfuscation</a> <a href="https://infosec.exchange/tags/phaas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phaas</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/phishingkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishingkit</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wordpress</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telegram</a> <a href="https://infosec.exchange/tags/discord" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#discord</a> <a href="https://infosec.exchange/tags/morphingmeerkat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#morphingmeerkat</a>

Jan ☕🎼🎹☁️🏋️‍♂️I wonder when the US government will start banning all TLDs that refer to things they don't like?<a href="https://fedi.kcore.org/tags/uspol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#uspol</a> <a href="https://fedi.kcore.org/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Infoblox Threat IntelLast week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens. Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies. Here are a few samples of the domains:- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil. - creo--ia[.]com Lookalike for an industrial fabrication firm in WA State. - admiralsmetal[.]com Lookalike for US based metals provider. - ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor. - elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/dod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dod</a>

Christoffer S.(infoblox.com) Morphing Meerkat: Advanced Phishing-as-a-Service Platform Using DNS MX Records for Tailored Attacks <a href="https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/</a>This report details the discovery of a sophisticated Phishing-as-a-Service (PhaaS) platform called 'Morphing Meerkat' that has been operating for at least five years. The platform leverages DNS mail exchange (MX) records to dynamically serve fake login pages tailored to victims' email providers, spoofing over 100 brands. The threat actor behind this operation sends thousands of spam emails, primarily through specific ISPs, exploits open redirects on adtech infrastructure, compromises WordPress sites, and uses multiple credential exfiltration methods including Telegram. The phishing kit includes advanced evasion techniques such as code obfuscation, anti-analysis measures, and dynamic translation capabilities supporting over a dozen languages to target users globally.<a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infoblox</a> <a href="https://swecyb.com/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhaaS</a> <a href="https://swecyb.com/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://swecyb.com/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://swecyb.com/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a>

Quad9DNSGreat blog from our friends at <a href="https://mastodon.social/tags/MaxMind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MaxMind</a> about how we use their <a href="https://mastodon.social/tags/GeoIP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GeoIP</a> data to identify regions that are in the most need of our services! All while maintaining our strict privacy standards.<a href="https://blog.maxmind.com/2025/03/how-open-dns-recursive-service-quad9-uses-maxmind-data-to-understand-usage-patterns-and-secure-funding/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blog.maxmind.com/2025/03/how-open-dns-recursive-service-quad9-uses-maxmind-data-to-understand-usage-patterns-and-secure-funding/</a><a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

JP MensI’ve been asked a few times over the course of the same amount of days, what would happen if the powers that be began deleting top-level domains (TLDs) from the DNS system, and whether there is something we (e.g. Asians, Africans, Europeans, Canadians, South Americans, Australians, etc.) could do about it.A very theoretical scenario, DNS edition<a href="https://jpmens.net/2025/03/27/theoretical-scenario-dns-edition/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://jpmens.net/2025/03/27/theoretical-scenario-dns-edition/</a><a href="https://mastodon.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Jan Schaumann"Nope: Strengthening Domain Authentication with Succinct Proofs"<a href="https://nope-tools.org/nope.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://nope-tools.org/nope.pdf</a>Basically: domain owner <a href="https://mstdn.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> signs their name, then encodes a proof of that DNSSEC chain into a new domain name, stashes that in a SAN in the cert and wants the client to verify the proof against... the root ZSK? Which it fetches via DoH from Google DNS, but... doesn't verify?Not sure I get it.<a href="https://mstdn.social/tags/realworldcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#realworldcrypto</a> <a href="https://mstdn.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a>

Stefano MarinelliAnother round of “hey, your server is down!” drama from the "we need moar kubernetes!" crowd.“I can’t reach your server, it must be down.”I connect. Everything’s fine.A few emails later, I ask to access the container. The dev says he can’t - doesn’t know how. He’s a nice guy, though, so he gives me the credentials.I log in and find the issue: someone pushed a workload to production (cue Kubernetes! Moooaaarrr powaaaarrr! We have the cloud! Who needs sysadmins anymore?!) with DNS set to 192.168.1.1.Of course, it fell to me to investigate, because the dev couldn’t even get a shell inside his container. And it's ok, as he's a dev - and just wants to be a dev.Once I pointed it out, they rebuilt the container with the correct config and - TADA! - everything worked again.Then he went to check other workloads (for other clients, not managed by me) that had been having issues for weeks... Same problem.It was DNS. But it wasn't DNS.<a href="https://mastodon.bsd.cafe/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://mastodon.bsd.cafe/tags/SysAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SysAdmin</a> <a href="https://mastodon.bsd.cafe/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://mastodon.bsd.cafe/tags/Cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloud</a> <a href="https://mastodon.bsd.cafe/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a>

ricardo :mastodon:21 Best Free and Open Source <a href="https://fosstodon.org/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> Servers <a href="https://www.linuxlinks.com/best-free-open-source-dns-servers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.linuxlinks.com/best-free-open-source-dns-servers/</a>

Recent searches

Search options

Administered by:

Server stats:

#dns