DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign
Venezuela is a country facing an uncertain moment in its history. Reports suggest it is in significant need of humanitarian aid.
On February 10th, Mr. Juan Guaidó made a public call asking for volunteers to join a new movement called “Voluntarios por Venezuela” (Volunteers for Venezuela). According to the media, it already numbers thousands of volunteers, willing to help international organizations to deliver humanitarian aid to the country. How does it work? Volunteers sign up and then receive instructions about how to help. The original website asks volunteers to provide their full name, personal ID, cell phone number, and whether they have a medical degree, a car, or a smartphone, and also the location of where they live:
This website appeared online on February 6th. Only a few days later, on February 11th, the day after the public announcement of the initiative, another almost identical website appeared with a very similar domain name and structure.
In fact, the false website is a mirror image of the original website, voluntariosxvenezuela.com
Both the original and the false website use SSL from Let’s Encrypt. The differences are as follows:
| Original voluntariosxvenezuela.com website | Deception website |
| --- | --- |
| First day on the Internet, Feb 6th | First day on the Internet, Feb 11th |
| Whois information: Registered on the name of Sigerist Rodriguez on Feb 4, 2019 | Whois information: Registered via GoDaddy using Privacy Protection feature on Feb 11, 2019 |
| Hosted on Amazon Web Services | Hosted first on GoDaddy and then on DigitalOcean |
Now, the scariest part is that these two different domains with different owners are resolved within Venezuela to the same IP address, which belongs to the fake domain owner:
That means it does not matter whether a volunteer opens the legitimate domain name or the fake one: in the end, they will enter their personal information into a fake website.
Both domains, if resolved outside Venezuela, present different results:
Kaspersky Lab blocks the fake domain as phishing.
In this scenario, where the DNS servers are manipulated, it’s strongly recommended to use public DNS servers such as Google DNS servers (8.8.8.8 and 8.8.4.4) or CloudFlare and APNIC DNS servers (1.1.1.1 and 1.0.0.1). It’s also recommended to use VPN connections without a 3rd party DNS.
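The comparison described above (the same two names resolved through a local resolver and through public resolvers) can be automated. This is an added example, not code from the original article; the lookalike name and every IP address are constructed placeholders, since the article does not give them.

```python
# Added example: flag resolvers that answer the legitimate domain with the
# lookalike domain's address. The lookalike name and all IPs are constructed.
LEGIT = "voluntariosxvenezuela.com"
LOOKALIKE = "lookalike.example"   # placeholder: the article does not name it

# Constructed observations: resolver label -> domain -> set of A records.
OBSERVATIONS = {
    "isp-resolver": {LEGIT: {"203.0.113.50"}, LOOKALIKE: {"203.0.113.50"}},
    "other-isp":    {LEGIT: {"192.0.2.11"},   LOOKALIKE: {"203.0.113.50"}},
    "8.8.8.8":      {LEGIT: {"192.0.2.10"},   LOOKALIKE: {"203.0.113.50"}},
    "1.1.1.1":      {LEGIT: {"192.0.2.10", "192.0.2.11"},
                     LOOKALIKE: {"203.0.113.50"}},
}
REFERENCE = ("8.8.8.8", "1.1.1.1")  # public resolvers used as the baseline


def assess(observations, reference, legit, lookalike):
    """Return {resolver: verdict} for every non-reference resolver."""
    ref_legit = set().union(*(observations[r][legit] for r in reference))
    ref_fake = set().union(*(observations[r][lookalike] for r in reference))
    # Addresses that only the lookalike uses according to the baseline.
    fake_only = ref_fake - ref_legit
    verdicts = {}
    for name, answers in observations.items():
        if name in reference:
            continue
        got = answers[legit]
        if got & fake_only and not got & ref_legit:
            # The legitimate name lands on the lookalike's address.
            verdicts[name] = "redirected-to-lookalike"
        elif not got & ref_legit:
            # Different answer, but not the lookalike's: could be a CDN or
            # geo-based answer, so treat it as a weaker signal.
            verdicts[name] = "diverges"
        else:
            verdicts[name] = "consistent"
    return verdicts


if __name__ == "__main__":
    for resolver, verdict in assess(OBSERVATIONS, REFERENCE,
                                    LEGIT, LOOKALIKE).items():
        print(f"{resolver}: {verdict}")
```

In practice the observation table would be filled from real lookups against each resolver, for example with `dig @8.8.8.8 <name>` and the same query against the resolver under test.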
620 million records from 16 websites listed for sale on the Dark Web
Security firm beats Adobe by patching reader flaw first
Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups
Researchers Implant "Protected" Malware On Intel SGX Enclaves
Popular Xiaomi electric scooter can be hacked. Brakes and acceleration can be triggered remotely
Hack a hospital? All it takes is a white coat and a computer
Siemens Warns of Critical Remote-Code Execution ICS Flaw
Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack
Microsoft Patches Zero-Day Browser Bug Under Active Attack
Researchers use Intel SGX to put malware beyond the reach of antivirus software
Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.
The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption occur only for the code within the enclave.
SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with.
Critical WordPress Plugin Flaw Allows Complete Website Takeover
Attackers Completely Destroy VFEmail’s Secure Mail Infrastructure
Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws
New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History
Major Container Security Flaw Threatens Cascading Attacks
Xiaomi M365 Electric Scooter Hacked and Remotely Controlled
Adobe Releases February 2019 Patch Updates For 75 Vulnerabilities
Earning Network+ CEUs
Networking is a dynamic field that requires facing new challenges and keeping on top of the latest security trends and advancements. Cyber-pests are continually developing sophisticated attacks to compromise corporate network security. On the other hand, IT professionals require new ideas and techniques to deal with these culpable attacks. Staying current with up-to-date networking technologies […]
The post Earning Network+ CEUs appeared first on InfoSec Resources.
Earning Network+ CEUs was first posted on February 12, 2019 at 10:04 am.
