26 Apr, 2026

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

An international operation by law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28, also tracked as Fancy Bear, Sofacy, Forest Blizzard, Strontium, Storm-2754, and Sednit, has been linked to Russia’s General Staff Main […]

6 mins read

Hackers abuse .arpa DNS and IPv6 to evade phishing defenses

Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. The .arpa domain is a special top-level domain reserved for internet infrastructure rather than normal websites. It is used for reverse DNS lookups, which allow systems to map an […]

1 min read

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks typically trick users into manually executing malicious commands under the guise of fixing errors, installing updates, or enabling functionality. However, this new […]

3 mins read

Cisco switches hit by reboot loops due to DNS client bug

Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by GeekFeed. Starting at approximately 2 AM, what appears to be a firmware bug in the switches’ internal DNS client service began treating DNS lookup failures as fatal errors, causing affected devices to reboot repeatedly. Switches […]

2 mins read

Microsoft: DNS outage impacts Azure and Microsoft 365 services

Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. According to reports on DownDetector and social networks, this incident began impacting Microsoft’s services almost 1 hour ago and is currently causing server and website connection issues for tens of thousands of users. Some of […]

6 mins read

Amazon: This week’s AWS outage caused by major DNS failure

Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. As GeekFeed reported earlier this week, this incident impacted a critical Northern Virginia data center in the US-EAST-1 region, affecting users worldwide, including the United States and Europe, for over […]

2 mins read

Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. The outage occurred on July 14 and impacted most users of the service all over the world, rendering internet services unavailable in many […]

2 mins read

Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains

A threat actor tracked as ‘Hazy Hawk’ is hijacking forgotten DNS CNAME records pointing to abandoned cloud services, taking over trusted subdomains of governments, universities, and Fortune 500 companies to distribute scams, fake apps, and malicious ads. According to Infoblox researchers, Hazy Hawk first scans for domains with CNAME records pointing to abandoned cloud endpoints, which they determine […]

2 mins read

CISA warns of Fast Flux DNS evasion used by cybercrime gangs

CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. Although the technique isn’t new, its effectiveness has been documented and proven repeatedly in actual cyberattacks. How Fast Flux helps with evasion: Fast Flux is a DNS […]

2 mins read

Microsoft fixes Entra ID authentication issue caused by DNS change

Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company’s Seamless SSO and Microsoft Entra Connect Sync. In an update to its Azure status page, Microsoft says these problems were caused by a recent DNS change that triggered DNS resolution failures for the autologon.microsoftazuread.sso.com domain when customers tried to […]

2 mins read