Cisco: DNSpionage attack adds new tools, morphs tactics

The group behind the Domain Name System attacks known as DNSpionage has upped its dark actions with new tools and malware to focus its attacks and better hide its activities. Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign.

“The threat actor’s ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization’s normal proxy or weblogs,” Talos wrote. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”


Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes

Cisco this week issued 31 security advisories but directed customer attention to “critical” patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of other vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.

The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.


Cisco Talos details exceptionally dangerous DNS hijacking attack

Security experts at Cisco Talos have released a report detailing what they call the “first known case of a domain name registry organization that was compromised for cyber espionage operations.” Talos calls the ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge of how to manipulate DNS.

By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet and illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported.


Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pulse may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon’s CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.


You Can Now Get This Award-Winning VPN For Just $1/month

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work. That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.


How to quickly deploy, run Linux applications as unikernels

Building and deploying lightweight apps is becoming an easier and more reliable process with the emergence of unikernels. While limited in functionality, unikernels offer many advantages in terms of speed and security.

What are unikernels?

A unikernel is a very specialized single-address-space machine image that is similar to the kind of cloud applications that have come to dominate so much of the internet, but unikernels are considerably smaller and are single-purpose. They are lightweight, providing only the resources needed. They load very quickly and are considerably more secure — having a very limited attack surface. Any drivers, I/O routines and support libraries that are required are included in the single executable. The resultant virtual image can then be booted and run without anything else being present. And they will often run 10 to 20 times faster than a container.


Meta Networks builds user security into its Network-as-a-Service

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.

With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.


Russia demands access to VPN providers’ servers

The Russian censorship agency Roskomnadzor has ordered 10 VPN service providers to link their servers in Russia to its network in order to stop users from reaching banned sites. If they fail to comply, their services will be blocked, according to a machine translation of the order.

The 10 VPN providers are ExpressVPN, HideMyAss!, Hola VPN, IPVanish, Kaspersky Secure Connection, NordVPN, OpenVPN, VPN Unlimited and VyprVPN.


Cisco warns of two security patches that don’t work, issues 17 new ones for IOS flaws

Cisco has dropped 17 security advisories describing 19 vulnerabilities in the software that runs most of its routers and switches, IOS and IOS/XE. The company also announced that two previously issued patches for its RV320 and RV325 Dual Gigabit WAN VPN Routers were “incomplete” and would need to be redone and reissued.

Cisco rates both those router vulnerabilities as “High” and describes the problems like this:


Cisco forms VC firm looking to weaponize fledgling technology companies

Cisco this week stepped deeper into the venture capital world by announcing Decibel, an early-stage investment firm that will focus on bringing enterprise-oriented startups to market. Veteran VC groundbreaker and former general partner at New Enterprise Associates Jon Sakoda will lead Decibel. Sakoda had been with NEA since 2006 and focused on startup investments in software and Internet companies.

Of Decibel, Sakoda said: “We want to invest in companies that are helping our customers use innovation as a weapon in the game to transform their respective industries.”
