This week, in the Enterprise Security News, Platform9 unburdens users from the complexities of Kubernetes, Swimlane Raises $40 Million, SonicWall hacked by zero-days in its own products?, Deloitte Buys Root9B, Cygilant and SentinelOne Partnership, Fortinet announces AI-powered XDR, AlgoSec Announced updates to A32, ESET Launches Enhanced Cloud-based Endpoint Security Management, Entrust acquires HyTrust, LogRhythm acquires MistNet, and Huntress Acquires EDR Technology From Level Effect! In the second segment, we welcome Fredrik Nordberg Almroth from Detectify to discuss his recent research into DNS Hijacking to control top-level domains! In the final segment, Allan Alford from The Cyber Ranch Podcast joins us for a discussion on the ever popular topic of Supply Chain Security! Show Notes: https://securityweekly.com/esw214 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Fredrik Nordberg Almroth, Security Researcher at Detectify, tells the story of how he managed to claim the top-level domain of an entire country - the Congo (DRC), .cd - before any bad actors could snatch it up. He will also discuss domain takeovers (TLD as well as subdomains) and how they can be prevented. Key to this is to keep track of your assets and monitor them for vulns. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw214
Welcome! Craig discusses how your DNS is being hijacked by new browser protocols known as DNS over HTTPS (DoH). For more tech tips, news, and updates visit - CraigPeterson.com --- Read More: Using The New Chrome Secure DNS Settings To Browse Privately Is Easy --- Automated Machine Generated Transcript: Far too many ISPs are watching where we're going and even changing our location, that URL you type in might not take you where you think you should be going. [00:00:17] Hi everybody. Craig Peterson here. Thanks for joining me. We're here every week with all kinds of great information, keeping up to date on the latest in technology. And of course, because I'm a security guy, a lot about security, and that's kinda what we're going to talk about right now. We all have internet service providers, whoever they are. [00:00:40] In fact, the internet service providers even have internet service providers because they have to connect with other networks in order to get you where you want to go online. It's a strange world out there. And one of the things that the internet does and frankly has to do in order to get you to that location you want to go, is it uses something called the domain name system. [00:01:07] Oh, you might call it the domain name service as well. But the idea behind this is to allow you to type in a URL or click on a link and that link then takes you to the correct site. Now you might be wondering what's this all about, I'm not going to get into the guts of the internet. That's not what I do. [00:01:29] That's not my job. That's not going to affect me. Oh, my, it does because the domain name service was designed many years ago to solve a problem, but it did not consider another problem that was being created in its stead. What we've ended up with is, you guessed it, another problem. The DNS system allows you to type in that I address. [00:01:58] And then it goes to your internet service provider and says, Hey, I want to go to google.com. Give me the address. 
And then the internet service provider goes and talks upstream, finally finds out what the address for Google is. It's just like if you sent a piece of email and you addressed it to Craig Peterson in the Northeast United States, now it might get to me because some of these postal workers are very driven and they really want to help out. [00:02:27] Right. But what are the odds that mail would actually end up in my mailbox? You know, not very good. Is it? So you have to have a street address or maybe a P.O. box number to send that true that to, maybe a rural route number as well. Who knows? Right? Depends on where you're at. If you're overseas, a military duty it's even different, but on the internet, everything has to come down to these numbers. [00:02:53] It's called the internet protocol, IPv4 and IPv6. Now you don't have to know all of that because all you have to do is type in google.com. Right. We already established that as an easy way to get to Google. However, behind the scenes what's happening is that some of these internet service providers are actually intercepting your computer's requests to get to Google. [00:03:21] And then what they're doing with that intercept is changing it sometimes. So they'll look and see, is there a site called google.com? Oh no, there's not. All right. Great. Yes. So then they send you to yet another site that's not Google. And they try and upsell you. There'll be ads all over it. There may be their own little search engine thing. [00:03:44] That's come up on the screen that allows you to hopefully find the real google.com. On top of it all, not only are these internet service providers who we're paying by the way, not only are they intercepting our DNS requests, but frequently they are also being intercepted by the bad guys. Here's what's happening there. [00:04:09] You have a router in your home, a router in your small business. Now that router is where all of your data goes to. 
And from the internet. Now, obviously in bigger businesses, we'll set up multiple routers, multiple sites. We'll probably run a protocol called BGP that lets me route everything in between. [00:04:30] Right? So if we have a failure, we can failover and everything just continues on. It's just wonderful. But in all of these cases, that router is a central point for all of your data going out to the internet. So what happens when a bad guy gains control of that router? And we're seeing this happen more and more now, because when was the last time you went ahead and made a change to the firmware on your router on that firewall box? [00:05:06] Right? It probably never, most of us never touch it. We buy it, we set it and we forget it. Right. We, Ron Popeil the thing. But that's not what we need to be doing in this day and age. This day and age, we're looking at the internet of things. We're looking at hundreds, maybe thousands, ultimately, of pieces of hardware in our homes. [00:05:29] It's going to be embedded in our clothing. It's already in some of the shoes we have purses. We have. All of those devices need updates. Now that's one of the reasons we advise people to get rid of those big-box retail devices that they have like a Linksys box or who knows what, and that they're using at the network edge. [00:05:54] We advise them to get something that's way more professional that has long-term support for it. And, you know, for my clients, we always use the Cisco gear. There's a whole new line that we've had great success with called Meraki Go, you can look it up online. I'd be glad to help you with that. And then the next step up from that is Meraki. [00:06:16] And then you get into the Cisco, but here's what's happening. You have not updated the firmware in your router slash firewall. Now, many times you cannot update the firmware because it is out of revision. So you bought this hardware three, four or five, six years ago as we were working just fine. 
Has given you the wifi. [00:06:41] Everything is just hunky-dory. It's wonderful. And you've never thought twice about changing that firmware. And in fact, the manufacturer hasn't bothered to release updates to fix the latest, major bug security problem in their firmware. So do you see where I'm going here now? Here's what happens if you put all of this into a pot, let's stir it up. [00:07:04] I know it's a little confusing, but here's what comes out in the end. When we take it out of the oven, the bad guys, they update the firmware on your router slash firewall. That's a worst-case scenario. They actually updated and they set it up to send all of their data to Russia. All of your data, I should say to Russia or China, but what we're seeing right now is a DNS attack where they are routing all of your intranet DNS requests to them and their server. So here's what happened. Imagine you're sitting in front of your computer and you type in your bank, maybe it's TD bank.com, bank of america.com. Whatever it is. Remember your browser does not know how to get to TD bank. It doesn't know how to get to the Bank of America. [00:07:58] So what does it do? It then sends a request out to the internet saying, Hey, what's the internet address for TD bank? What's happened now is it sends a packet out to the internet, hopefully to your internet service provider, but it gets intercepted. And now that packet goes to the bad guys and the bad guys say, Oh, TD bank. [00:08:26] Yeah. Yeah. There, you know that part of town you never wanted to go into, you know, on the other side of the tracks where it's kind of dark and greasy and yeah. There's a lot of muggings and stuff. That's where TD bank is. Oh yeah. Go over there. So they will return the wrong address for TD bank. And now your browser ends up on their website, could even be a dark web website and all of your data, everything you're typing in is now being captured by them. 
[00:08:58] So we have now both Firefox and Chrome who are doing something called HTTPS. DNS over HTTPS is, of course, is encryption. So it is now sending the requests for DNS encrypted end to end. That is great for consumers, usually. However, it does break security systems. So both Google and Mozilla have jumped on board here a little prematurely, but that's what's happening right now with your DNS. [00:09:37] And what you should do is going to be based on your environment and what you're doing. Check people tell you, Hey, stick around. We're going to talk about insider threats. I bet you didn't know how prevalent they are and how they're occurring. You're listening to Craig Peterson.com. Stick around. We'll be right back. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
NIST offers advice on telework, as does Microsoft. Things to do for your professional growth while you’re in your bunker. Magecart hits Tupperware, and they won’t be the last as e-commerce targeting spikes. DNS hijacking contributes to an info-stealing campaign. Apple and Adobe both patch. The US publishes its 5G security strategy. And some thoughts on the value of work, as brought into relief by a pandemic. Thomas Etheridge from Crowdstrike on their 2020 Cyber Front Lines Report, guest is Michelle Koblas from AppDynamics on third-party risk management. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_26.html
Someone has been running a DNS hijacking campaign against governments in southeast Europe and southwest Asia, and Reuters thinks that someone looks like Turkey. Experts would like to see a more thorough forensic analysis of Mr. Bezos’ iPhone: that hack may look like a Saudi job, but the evidence remains circumstantial. Interpol’s Operation Night Fury dismantles a gang that had been preying on e-commerce. And ave atque vale, Clayton Christensen, theorist of disruptive innovation. Robert M. Lee from Dragos with 2020 predictions (reluctantly). For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_27.html
"kurz informiert" with Isabel Grünewald, and these are the headlines: Millions of children's GPS watches can be spied on; head of the statutory health insurance physicians calls for an e-scooter ban over the risk of injury; Mozilla enables DNS-over-HTTPS for Firefox; and a drastic penalty for LG over inadequate customer support. On Amazon and other online marketplaces, all sorts of dubious vendors sell low-cost "smartwatches" that parents can use to keep an eye on their children. Researchers at antivirus vendor Avast have now located just under a million such devices on the network that are so insecure that the researchers recommend throwing them away so as not to endanger the children. As early as the beginning of 2018, c't and heise online uncovered horrendous security flaws in children's smartwatches from the Austrian company Vidimensio. Those devices likewise had all of the security flaws that the Avast researchers have now described. Andreas Gassen, chairman of the board of the Kassenärztliche Bundesvereinigung (National Association of Statutory Health Insurance Physicians), told the Neue Osnabrücker Zeitung that e-scooters should be banned completely. Only that would help prevent complex fractures of arms and legs through to head injuries and deaths. From a trauma surgery perspective, e-scooters are a disaster. Accident researcher Siegfried Brockmann of the Gesamtverband der Versicherer countered that calling for a ban already now is "nonsense". What matters instead is correcting the undesirable developments of recent months. After successful tests, Mozilla intends to enable DNS-over-HTTPS (DoH for short) for all Firefox users before the end of September, initially only in the USA. With DoH enabled, Firefox encrypts the DNS data, which better protects users' privacy. DoH also protects against DNS hijacking and spoofing, and DoH traffic is difficult to censor. However, DoH also carries risks, since it largely overturns a proven, stable infrastructure. 
The Australian court has fined LG Electronics the equivalent of 99,000 euros because the company had brushed off customers whose OLED TVs showed burn-in. In the court's assessment, customer service had not behaved appropriately in handling warranty claims. You can find these and other current news items in detail at heise.de
Recently, the Department of Homeland Security (DHS) released a warning about DNS hijacking and how website owners can protect themselves against it. To explain what DNS hijacking is and how adversaries use it to steal sensitive information, Elli Kanal and Daniel Ruef give a high-level overview of how DNS and network traffic work. They discuss how servers communicate with each other, what kind of information servers send to each other and why, and how adversaries can hijack that information. Finally, Elli and Daniel give some advice about what website owners might do to monitor their websites to make sure that adversaries have not hijacked their DNS.
Russian Intelligence Contractor Hacked exposing Russian Projects on Social Networks, Tor Network, Isolating Russia's Internet and More, UK's National Cyber Security Centre Issues Warning on DNS Hijacking, WordPress AdInserter Vulnerability. Today's Agenda is as follows: Russian Intelligence Contractor Hacked exposing Russian Projects on Social Networks, Tor Network, Isolating Russia's Internet and More; UK's National Cyber Security Centre Issues Warning on DNS Hijacking; WordPress AdInserter Vulnerability; Security Researcher Earns $10K From Reporting Tesla Flaw. If you would like to add the podcast to your Alexa flash briefings you can do so here.
Researchers at Cisco Talos have been tracking what they believe is a state-sponsored attack on DNS systems, targeting the Middle East and North Africa. This attack has the potential to erode trust and stability of the DNS system, so critical to the global economy. Craig Williams is director of Talos Outreach at Cisco, and he joins us to share their findings. The original research can be found here: https://blog.talosintelligence.com/2019/04/seaturtle.html The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
DNS Hijacking by Sea Turtle: https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities: https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers: https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence: https://twitter.com/DFNCERT/status/1118468599230943233
In today’s podcast, we hear that ICANN has warned of a DNS hijacking wave, and is urging widespread DNSSEC adoption. Security firms see Iran as a particularly active DNS hijacker. A B0r0nt0k ransomware outbreak infests Linux servers, but Windows users might be at risk as well. A request for whitelisting in the Firefox certificate store arouses controversy. Technology Review raises questions about blockchain security. Bots keep people from getting consular appointments, and people don’t like it. And telling minotaurs from unicorns. Rick Howard from Palo Alto Networks with tips on moving data to the cloud. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_25.html
The Naked Security Podcast digs into a US Emergency Directive to stop government sites getting hijacked, examines a data breach with a difference, and hears a cybersecurity expert's confession of how his Instagram got hacked. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. This week's stories: https://nakedsecurity.sophos.com/us-gov-declares-emergency https://nakedsecurity.sophos.com/bqs-dodgy-database-divulges-data https://nakedsecurity.sophos.com/how-my-instagram-account-got-hacked Social network advice: https://nakedsecurity.sophos.com/how-to-secure-your-instagram-account-using-2fa https://nakedsecurity.sophos.com/how-to-secure-your-twitter-account https://nakedsecurity.sophos.com/how-to-protect-your-facebook- https://nakedsecurity.sophos.com/facebook-fallout-what-are-your-options Music by: https://purple-planet.com/
This week, we discuss Google's €50 million GDPR fine, GDPR complaints against eight streaming services, Facebook’s Supreme Court appeal and its potential effects on the EU-US Privacy Shield, and an Emergency Directive from the US Department of Homeland Security.
In today’s podcast, we hear that the US House would like some more information from DHS about what prompted its emergency directive about DNS hijacking. More skepticism about Huawei from various governments. A British think tank has been hacked—observers think Russia’s GRU is good for it, but Russia says no, hey, it was Anonymous, and they did a good job. Exposed database leaves financial information out for the taking. Creeps take over a family’s Nest. Ben Yelin from UMD CHHS with a 4th amendment personal privacy case out of Alaska. Guest is Kathleen Smith from CybersecJobs.com and ClearedJobs.net on the career benefits of volunteering. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_24.html
A daily look at the relevant information security news from overnight. Episode 68 - 23 January, 2019
STOP ransomware finds a crack - https://www.bleepingcomputer.com/news/security/new-rumba-stop-ransomware-being-installed-by-software-cracks/
Adobe issues another unscheduled update - https://threatpost.com/adobe-patches-experience-manager/141046/
Researchers ax 100,000 malware sites in 10 months - https://www.zdnet.com/article/security-researchers-take-down-100000-malware-sites-over-the-last-ten-months/
That web extension is now a backdoor - https://threatpost.com/web-apps-browser-extensions-backdoors/141061/
DHS warns of DNS hijacking - https://www.securityweek.com/dhs-warns-federal-agencies-dns-hijacking-attacks
In today’s podcast, we hear that Emergency Directive 19-01 has told US Federal civilian agencies to take steps to stop an ongoing DNS-hijacking campaign. The US National Intelligence Strategy is out, and it prominently features cyber as a “topical mission objective.” France says that war has begun in cyberspace, and that the enemy should be en garde. British barristers scramble to restore secure email. A metals firm sustains an attack on business systems. And some clown cuts Australian telecoms cables. Justin Harvey from Accenture on blocking incoming threats. Guest is Tom Huckle from Crucial on closing the skills gap. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_23.html
A systemd vulnerability creates concern, DNS Hijacking goes worldwide, and major telcos are still selling location data for their users! All that coming up now on ThreatWire. #threatwire #hak5
Our Site → https://www.hak5.org
Shop → https://www.hakshop.com
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Host: Shannon Morse → https://www.twitter.com/snubs
Host: Darren Kitchen → https://www.twitter.com/hak5darren
Host: Mubix → http://www.twitter.com/mubix
Links:
https://www.qualys.com/2019/01/09/system-down/system-down.txt
https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/
https://thehackernews.com/2019/01/linux-systemd-exploit.html
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
https://www.wired.com/story/iran-dns-hijacking/
https://arstechnica.com/information-technology/2019/01/a-dns-hijacking-wave-is-targeting-companies-at-an-almost-unprecedented-scale/
https://www.cyberscoop.com/fireeye-dns-hijacking-record-manipulation-iran/
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile
https://www.wired.com/story/carriers-sell-location-data-third-parties-privacy/
https://arstechnica.com/tech-policy/2019/01/after-broken-promise-att-says-itll-stop-selling-phone-location-data/
https://motherboard.vice.com/en_us/article/d3bnyv/google-demanded-tmobile-sprint-to-not-sell-google-fi-customers-location-data
https://motherboard.vice.com/en_us/article/j5z74d/senators-harris-warner-wyden-fcc-investigate-att-sprint-tmobile-bounty-hunters
https://www.cnet.com/news/congress-asks-fcc-for-emergency-briefing-on-ending-location-data-sales/
https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/FCC.2019.1.11.%20Letter%20to%20the%20FCC%20re%20unauthorized%20disclosures%20of%20consumer%20data.CAT_.pdf
Photo credit: https://cdn.pixabay.com/photo/2017/04/03/14/42/smartphone-2198559_960_720.jpg
In today’s podcast, we hear that FireEye has called out Iran “with moderate confidence” for a long-running DNS-hijacking campaign. Smart doorbells may not be smart enough for their users’ comfort, if reports of video sharing are to be credited. Crooks are finding Fuze cards as handy as good-guy consumers do. Poland makes two arrests in an espionage case linked to Huawei. And the Russian media are happy to offer sympathy to NSA for some alleged security lapses at Fort Meade. Craig Williams from Cisco Talos with details on Persian Stalker targeting secure messaging apps. Guest is Rajiv Dholakia from Nok Nok Labs on the security pros and cons of biometrics. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/January/CyberWire_2019_01_11.html