tldrdailynews.com logo
Tag

Dns

All articles tagged with #dns

Grudges, Dangling DNS, and AI-Driven Driver Removals: This Week in Security
security1 month ago

Grudges, Dangling DNS, and AI-Driven Driver Removals: This Week in Security

This week’s security roundup ties together a vindictive Windows Defender exploit (RedSun) and a new Windows zero-day from an annoyed researcher, a dangling DNS scheme hijacking unmaintained university and government domains, Linux’s plan to remove 18 legacy drivers, a Bitwarden CLI compromise in a supply-chain attack that can steal tokens and push code changes via GitHub Actions, questions around Mythos access at Anthropic, Nextcloud ending bug-bounty programs amid AI-generated reports, a patch to iOS 26.4.2 addressing a notification-exposure issue related to Signal, and a $2.5M debt-repayment fraud case in Sri Lanka — illustrating ongoing risks across OS security, supply chains, and legacy infrastructure.

via Hackaday|
#dns#linux#security
DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks
technology3 months ago

DNS Channel Used to Deliver PowerShell Payload in ClickFix Attacks

A new ClickFix variant uses a DNS-based delivery channel: victims are prompted to run nslookup in the Run dialog, querying an attacker-controlled DNS server. The DNS response contains a PowerShell payload that, when executed, downloads a ZIP with a Python runtime and malware scripts, establishes persistence, and installs ModeloRAT. This marks the first known use of DNS for staging and delivering ClickFix payloads, enabling on-the-fly payload updates and blending with normal DNS traffic instead of relying on HTTP.

via BleepingComputer|
#clickfix#dns#modelorat
DNS-Driven ClickFix: nslookup-based staging delivers Windows malware payloads
technology3 months ago

DNS-Driven ClickFix: nslookup-based staging delivers Windows malware payloads

Microsoft reveals a new DNS-based variant of the ClickFix social-engineering tactic that tricks users into running commands via the Windows Run dialog to perform a DNS lookup with a hard-coded external server. The output’s Name: field becomes the second-stage payload, followed by a ZIP download from azwsappdev[.]com that leads to a Python script, a VBScript launcher for ModeloRAT, and persistence through a startup LNK. The campaign Fos’s broader ecosystem includes loaders and stealers (CastleLoader, Lumma Stealer, RenEngine Loader, Hijack Loader) across Windows and macOS, leveraging fake CAPTCHA pages, social-engineering lures, and aged domains to blend into normal traffic and evade detections.}

via The Hacker News|
#cybersecurity#dns#malware
technology4 months ago

Glibc Patch Fixes a 30-Year DNS Leak (CVE-2026-0915)

A security fix in the GNU C Library addresses a flaw (CVE-2026-0915) present since 1996 that could leak adjacent stack data to the DNS resolver through getnetbyaddr/getnetbyaddr_r. The NSS DNS back-end was fixed after zero-value network inputs were found to be mishandled, with a default query now used when the network value is zero. Glibc 2.43 is expected by early February, and a related issue (CVE-2026-0861) concerning memalign-induced overflow/heap corruption was also resolved in the same update.

via Phoronix|
#cve-2026-0915#dns#glibc
"Efficiently Managing LAN with Traditional DNS and DHCP Methods"
technology2 years ago

"Efficiently Managing LAN with Traditional DNS and DHCP Methods"

This article provides a guide on setting up bind and dhcpd to create a functional dynamic DNS setup for a LAN, ensuring DHCP clients self-register with DNS and enabling working forward and reverse DNS lookups. The author, a homelab sysadmin, emphasizes the importance of reliable DNS in a networking environment and shares their experience in maintaining a linked bind and dhcpd setup for over a decade. The article also hints at a future project involving the creation of a local ACME-enabled certificate authority for issuing LAN certificates.

via Ars Technica|
#bind#dhcp#dhcpd
"ICANN Proposes .INTERNAL Domain for Private Home Networks"
technology2 years ago

"ICANN Proposes .INTERNAL Domain for Private Home Networks"

ICANN has proposed creating a new top-level domain, .INTERNAL, intended for internal use only, to address the uncoordinated and potentially harmful use of ad hoc TLDs for private purposes. After a consultation process, .INTERNAL was chosen over .PRIVATE as the preferred TLD. While ICANN's board still needs to approve the creation of .INTERNAL, some organizations already use ad hoc TLDs for internal purposes, and ICANN advises understanding the potential costs of using private namespaces.

via The Register|
#dns#icann#internal-use
Prolific Puma: Uncovering a Massive Cybercrime URL Shortening Service
cybersecurity2 years ago

Prolific Puma: Uncovering a Massive Cybercrime URL Shortening Service

Security researchers have uncovered a massive cybercrime operation involving a link shortening service provided by an actor known as Prolific Puma. Prolific Puma has registered thousands of domains, primarily on the US top-level domain, to facilitate the delivery of phishing, scams, and malware. The researchers observed that the short links led to various landing pages, including phishing and scam sites. The operation is believed to involve multiple actors, and evidence suggests that text messages are the main channel for distributing the malicious links. Prolific Puma has registered up to 75,000 unique domain names since April 2022, with the majority of domains created on the usTLD. The actor uses private registration protection for some of the domains, which is not permitted in the .US namespace. The researchers have provided indicators of Prolific Puma activity, including hosting IP addresses, domains, and email addresses found in domain registration data.

via BleepingComputer|
#cybercrime#cybersecurity#dns
"The 64-bit Future: How We Host Ars and the Finale"
technology2 years ago

"The 64-bit Future: How We Host Ars and the Finale"

In the final part of their series on how Ars Technica is hosted in the cloud, the article discusses leftover configuration details, including their liveblogging system and authoritative DNS. They also explore the possibility of shifting their infrastructure to AWS's cloud-based 64-bit ARM service offerings, examining the potential benefits in terms of performance and costs. The article provides a recap of their current setup, which includes WordPress, WooCommerce, XenForo, and various other components, all running as containers in ECS tasks.

via Ars Technica|
#arm64#cicd#cloud-hosting
technology3 years ago

"Maximizing DNS Security: Top Servers and Strategies"

Changing your DNS settings can increase your online security and privacy. By default, your ISP sees all your searches and web addresses, but using public DNS servers can be more secure, private, and faster. Some of the best DNS servers include OpenDNS Home, Google Public DNS, Cloudflare, DNSWatch, and Quad9. Each provider has its own strengths and weaknesses, so it's important to consider both security and privacy when choosing a DNS server.

via How-To Geek|
#cloudflare#dns#opendns