Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
Stay updated on DNS security with the latest news on threats, protection strategies, and expert insights into securing your domain systems.
Search across headline titles and summaries.
Background for this topic.
DNS is the distributed naming system that translates domain names into IP addresses and other service records. Its security matters because an attacker who compromises a registrar account, authoritative DNS server, or resolver can redirect users to an attacker-controlled service, disrupt access, or interfere with email and software updates. Forged replies and cache poisoning can produce similar redirection when validation is absent. DNS traffic can also carry command-and-control instructions or encoded data, although unusual queries require investigation rather than being treated as proof of compromise.
DNSSEC allows validating resolvers to authenticate signed DNS data, reducing spoofing and cache-poisoning risk; it does not encrypt queries or guarantee availability. Protect registrar and DNS-administration accounts with strong authentication and least privilege, restrict recursion and zone transfers, patch DNS software, and use redundant authoritative infrastructure. Monitor record changes, resolver errors, query volumes, and patterns such as long, frequently changing subdomains to support detection of hijacking, outages, or DNS tunneling.
Weekly headline count for the current query.
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication.
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
The APT used DNS poisoning to install the Macma backdoor on targeted networks and then deliver malware to steal data via post-exploitation activity.
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities and find new ways to compromise organizations.
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions.
Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings.
The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses.
Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.
Akamai joins a growing list of security vendors aiming to strengthen companies' DNS defenses.
Petty scammers have figured out how to leverage a core function of DNS in order to maintain scalable, stealthy, pliable malicious infrastructure.
Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
In this Dark Reading News Desk segment, Infoblox's Dr. Renée Burton discusses why better DNS monitoring is so important.
Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.
To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.
DNS rebinding attacks are not often seen in the wild, which is one reason that browser makers have taken a slower approach to adopting the web security standard.