serverok.pl is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Drama of the day on the network:
1) Alibaba messed up its #DNS and sends a message to *all* LINX members (without using the list, that would be too simple, and with everyone visible) asking people to flush the cache for their domain
2) Bots reply to *everyone* saying that they have received the message
3) Bots reply to the acknowledgement of receipt
Be Careful With Fake Zoom Client Downloads
A deceptive email containing a fake Zoom meeting invitation has been identified. Clicking the 'join' button leads to a website prompting users to install a purported Zoom client update. The downloaded executable, 'Session.ClientSetup.exe', is actually malware that installs an MSI package. This package deploys ScreenConnect, a remote access tool, allowing attackers to gain unauthorized access to the victim's computer. The malware establishes persistence by installing itself as a service and connects to a command and control server at tqtw21aa.anondns.net on port 8041. Users are advised to exercise caution when receiving unexpected Zoom invitations or update prompts.
Pulse ID: 6841b92a2822d337bdf7bf39
Pulse Link: https://otx.alienvault.com/pulse/6841b92a2822d337bdf7bf39
Pulse Author: AlienVault
Created: 2025-06-05 15:35:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DNS #ELF #Email #InfoSec #Malware #NET #OTX #OpenThreatExchange #ScreenConnect #Zoom #bot #AlienVault
This looks interesting! Ad-filtering DNS resolvers, among others, with EU funding. Support for DoT and DoH, too.
Not enough funding for easy-to-remember IP addresses, though.
My homelab got its final touches. I finally removed #Nextcloud and switched completely to #Stalwart, I added automatic #database backups using #cronjobs for all my #databases, I've set up most of my publicly exposed services to run behind the #cloudflare #proxy, improved the directory structure for my #docker #containers, and finally set up pihole as the #dns server on my router. This feels so good.
While doing some DNS stuff at work this morning, I realised I am no longer conversant with how larger ISPs manage their DNS data. Is it still considered bad form to use someone else’s DNS servers instead of ones under your control when configuring your customer’s CPEs? And have ISPs started partnering with data harvesting companies to link your DNS queries to your general advertising interests alongside your billing address? Because they’re missing a trick if they aren’t - that’s free money. #oldsysadmin #realist #dns #seriesoftubes #itslunch #itsalwaysdns
Selling your car? Scammers still have it 'VIN' for you!
We've recently seen a large cluster of domains hosting fake Vehicle Identification Number (VIN) lookup sites — and private car sellers are the target.
While this trick isn’t new, it still catches many off guard — especially first-time sellers. Here’s how it usually plays out:
- You list your car on platforms like AutoTrader, Craigslist, or Facebook Marketplace.
- You're contacted by a keen 'buyer', perhaps asking a few questions to build trust.
- The buyer then asks *you* to get a VIN report — but only from a site *they* provide.
Red flag: Legitimate buyers wanting to know a vehicle's history are to be expected - they may ask for the VIN to do this themselves - but insisting on a specific site is a classic scam move.
Here’s what happens next:
- You enter your VIN on the fake site - it teases you with basic info like make and model.
- To get the 'full report' you’re asked to pay $20–$40.
- At best, you're sent to a legitimate payment provider — but the money goes straight to the scammer.
- At worst, you've just entered your card details into a phishing site.
Got your report? Good luck contacting that buyer, they're 'Audi 5000' — long gone. As for the report, it's usually worthless — no odometer readings, no previous owners, no insurance history - and of no value to you or a legit buyer.
Unsurprisingly, 'VIN' features in their devious domain names, and at the time of writing we identified a large cluster using it with U.S. states and locations, for example:
- goldstatevin[.]com
- gulfstatevin[.]com
- kansasvin[.]com
- misissippivin[.]com
- utahvincheck[.]com
These have since gone offline, hopefully for good. They're not alone though, the following domains appear to target sellers in Australia and are currently active:
- proregocheck[.]com
- smartcheckvin[.]com
- smartvincheck[.]com
- vincheckzone[.]com
Tip: If a buyer wants a VIN report, let them sort it out — or use a trusted provider of your own. If they refuse? Tell 'em to hit the road!
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam
Just moved 25 DNS zones from DigitalOcean to a European provider, since I don't like relying on businesses in fascistoid states.
Misconfigured DNS records: URLs from Bose and others infected with malware
Cybercriminals are using URLs of reputable vendors on a large scale to spread their malware. One vector here is apparently incorrect DNS configuration.
#CloudComputing #Cybercrime #Cybersecurity #DNS #IT #Malware #news
Sri Lanka IDN ditches PCH. I wonder if it’s the weird inline signing that PCH configs always seem to have.
https://mastodns.net/@diffroot/114593213190931805
#dns #dnssec