Tag Archives: attacks

Sitting Ducks attacks on the rise: domain names hijacked without intrusion

Domain names are being hijacked undetected through Sitting Ducks attacks. The attack takes place without compromising the associated account, which the DNS provider is supposed to secure. The damage can be extensive: cybercriminals get the opportunity to spread malware and phishing under the domain name.

DNS providers are the target of Sitting Ducks attacks. Such attacks allow cybercriminals to hijack domain names and then abuse them. Abuse can take the form of malware, phishing campaigns, brand impersonation and data exfiltration. Cobalt Strike is reported to have already been distributed illegally in this way.

Researchers at Infoblox and Eclypsium investigated this method of attack and discovered active abuse at several DNS providers. This provider shares in…



Multiple SMTP Servers Vulnerable to Spoofing Attacks

Multiple SMTP Servers Vulnerable to Spoofing Attacks, Let Hackers Bypass Authentication

A recent discovery has unveiled vulnerabilities in multiple hosted, outbound SMTP servers, allowing authenticated users and certain trusted networks to send emails with spoofed sender information.

These vulnerabilities, CVE-2024-7208 and CVE-2024-7209, exploit weaknesses in the authentication and verification mechanisms provided by Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

Domain-based Message Authentication, Reporting, and Conformance (DMARC), which builds on SPF and DKIM, is circumvented, enabling attackers to bypass security measures and spoof sender identities.

Technical Description of the Vulnerabilities

The vulnerabilities stem from the SMTP protocol’s inherent insecurity, as outlined in RFC 5321, Section 7.1. SPF…



Elections kick-off sees wave of DDoS attacks hitting European governments

Members of the European Union are currently taking part in elections to the European Parliament, presenting a prime opportunity for hacktivists to perform Distributed Denial of Service (DDoS) attacks against political parties across the spectrum.

At the time of writing, 8 of the 27 EU members have completed counting their votes, with the preliminary results and exit polls showing gains for right-wing parties.



Monday.com removes feature after it was abused in phishing attacks

Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.

The “Share Update” feature allows users to share real-time updates, progress, or important information with team members or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates.



North Korean hacking group attacks ScreenConnect flaws to drop dangerous new malware

North Korean state-sponsored threat actors were observed using the recently discovered ScreenConnect vulnerabilities to steal sensitive data from their targets. 

A new report from Kroll shared with TechRadar Pro found a group known as Kimsuky (AKA Thallium) abused two flaws found in ConnectWise’s solution to drop ToddleShark, an upgraded version of the group’s other backdoors, BabyShark and ReconShark. 

