The spy becomes the spied-upon. Genworth Financial suffers third-party data breach. Siemens and UCLA become latest victims of MOVEit bug. Read More
The CyberWire
Record-Breaking 840 Mpps DDoS Attack Spotted
DDoS attacks have evolved considerably since 2016, when Mirai-style botnets set new records.
Attack frequency and intensity rose sharply in 2023, and by 2024 attacks above 1 Tbps were close to a daily occurrence.
Researchers at OVHcloud observed a record-breaking attack of 840 Mpps (million packets per second) and report that peaks of roughly 2.5 Tbps were also seen.
A drop in attack volume coincided with the dismantling of the 911 S5 botnet in May 2024, although whether the takedown caused the drop remains unconfirmed.
Attack frequency has since returned to its usual level, but high packet-rate attacks (above 100 Mpps) continue.
A DDoS attack can target either bandwidth (saturating the link) or packet processing (saturating the devices that have to forward every packet).
Rather than saturating the internet connection, packet-rate attacks aim to exhaust the processing capacity of the networking devices in the path.
This is what makes them effective: each packet costs the device a fixed amount of work (lookups, ACL checks, counters), so many small packets cost far more than fewer large ones carrying the same number of bits.
For example, a 10 Gbps attack made of 84-byte packets (the minimum 64-byte Ethernet frame plus 20 bytes of preamble and inter-frame gap) produces about 14.88 Mpps, whereas the same 10 Gbps carried in 1480-byte packets is only about 0.85 Mpps.
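The distinction between the two attack types is easy to get wrong when a detector only looks at bit rate. The following is an added example written for this page, not OVHcloud's code: it reproduces the packet-rate arithmetic above and then classifies per-destination traffic counters (as you would get from sFlow or NetFlow exporters) as a packet-rate flood, a bandwidth flood, or normal. The thresholds and the sample counters are assumed values constructed for illustration, not real telemetry.

```python
"""Separate packet-rate floods from bandwidth floods in per-second traffic counters.

Added example, not OVHcloud's code. The thresholds and the sample counters are
assumed values constructed for illustration, not real telemetry.
"""
from collections import defaultdict


def wire_pps(link_bps, wire_bytes):
    """Packets per second a link of link_bps carries when every packet occupies
    wire_bytes on the wire (frame plus preamble, SFD and inter-frame gap, so the
    minimum Ethernet frame counts as 84 bytes). 10 Gbps of 84-byte packets is
    about 14.88 Mpps; 1480-byte packets bring that down to about 0.85 Mpps."""
    return link_bps / (wire_bytes * 8)


def classify_flows(samples, pps_limit=1_000_000, bps_limit=5_000_000_000, small_pkt=128):
    """samples: iterable of (dst, packets, bytes) counters for one 1-second window.
    A destination is a packet-rate flood when its pps is high and its average
    packet is small (the attack is paid for in per-packet work, not in bits),
    a bandwidth flood when the bit rate alone is high, and normal otherwise.
    The limits are assumed values for a 10 Gbps edge."""
    per_dst = defaultdict(lambda: [0, 0])
    for dst, pkts, nbytes in samples:
        per_dst[dst][0] += pkts
        per_dst[dst][1] += nbytes
    verdicts = {}
    for dst, (pkts, nbytes) in per_dst.items():
        bps = nbytes * 8
        avg_bytes = nbytes / pkts if pkts else 0
        if pkts > pps_limit and avg_bytes < small_pkt:
            verdicts[dst] = "packet-rate flood"
        elif bps > bps_limit:
            verdicts[dst] = "bandwidth flood"
        else:
            verdicts[dst] = "normal"
    return verdicts


# Constructed one-second counters (dst, packets, bytes); not real data.
SAMPLE_COUNTERS = [
    ("203.0.113.10", 2_400_000, 2_400_000 * 64),   # 2.4 Mpps of 64-byte packets, only ~1.2 Gbps
    ("203.0.113.20", 600_000, 600_000 * 1400),     # 0.6 Mpps of 1400-byte packets, ~6.7 Gbps
    ("203.0.113.30", 20_000, 20_000 * 800),        # ordinary traffic
]

if __name__ == "__main__":
    print(f"10 Gbps of 84-byte packets   = {wire_pps(10e9, 84) / 1e6:.2f} Mpps")
    print(f"10 Gbps of 1480-byte packets = {wire_pps(10e9, 1480) / 1e6:.2f} Mpps")
    for dst, verdict in classify_flows(SAMPLE_COUNTERS).items():
        print(dst, verdict)
```

The first sample destination receives only about 1.2 Gbps, which a bandwidth-only threshold would never flag, yet at 2.4 Mpps it is the one that hurts a software router; the second is the opposite case. When feeding real sampled flow data, multiply packet and byte counts by the sampling rate before applying the thresholds.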
This is what led OVHcloud to build custom DDoS-mitigation appliances based on FPGAs and DPDK, which can process packets at line rate.
High packet-rate DDoS attacks have surged: OVHcloud observed the record-breaking 840 Mpps attack in April 2024.
An analysis of the worst-performing source IPs showed that most of them were MikroTik routers, usually running outdated firmware.
Each of these devices can generate up to 14.8 Mpps, and they mainly sit in business ISPs or cloud providers in Asia.
The “Bandwidth test” feature of RouterOS 6.44 and later can be abused to generate this traffic. Operators who do not need it should disable the bandwidth-test server (/tool bandwidth-server set enabled=no) or at least require authentication for it, and keep RouterOS up to date.
The new trend in DDoS is the use of compromised core network devices, mostly MikroTik Cloud Core Routers (CCR).
The analysis found more than 99,000 CCR devices exposed online. These are CCR1036-8G-2S+ and CCR1072-1G-8S+ models, which can generate roughly 4 to 12 Mpps each.
OVHcloud estimates that a hypothetical botnet using only one percent of these devices could generate up to 2.28 Gpps.
Routers of the same model were also involved in a layer 7 attack in November 2023 that peaked at 1.2 million requests per second.
This shift toward core network devices presents serious challenges for anti-DDoS infrastructure and raises grave questions about how network equipment is patched and exposed.
The post Record Breaking DDoS Attack 840 Mpps Attack Spotted appeared first on Cyber Security News.
PoC Released For Critical Zero-Click Windows Vulnerability
Microsoft’s wide reach makes its products a prime target, so attackers study the vulnerabilities and mitigations of its products and protocols intensively.
This is how a new remote code execution (RCE) vulnerability was found in the WinAPI function CreateUri, in code introduced as part of the patch for CVE-2023-23397.
Unlike the earlier chain, which needed two vulnerabilities to reach RCE, this single flaw enables zero-click RCE exploitation.
Security researchers at Akamai recently disclosed the flaw and released a proof of concept (PoC) for it.
Besides Outlook, File Explorer can also trigger the flaw, which widens the attack surface.
The finding shows the need for ongoing security evaluation even of patched components, so that new weaknesses are recognized and handled early.
Microsoft’s March 2023 Patch Tuesday addressed the critical Outlook vulnerability CVE-2023-23397, which had been exploited in the wild by the Russian state-sponsored threat actor “Forest Blizzard.”
The flaw allowed remote, zero-click theft of NTLM credentials, which could then be used in relay attacks.
After the patch, researchers discovered two bypasses and a parsing vulnerability that, chained together, gave a full zero-click remote code execution (RCE) primitive against the Outlook client.
Patched components can therefore still hold exploitable flaws that need additional mitigations, especially against determined, state-backed actors who keep probing for new vectors.
The patch for CVE-2023-23397 introduced a call to MapUrlToZone that validates the PidLidReminderFileParameter URL (the reminder sound file path carried in the mail item). This mitigates the original flaw but creates a new attack surface.
MapUrlToZone calls CreateUri, which gives the attacker control over the parsed path, and CreateUri in turn calls CrackUrlFile when it handles file paths, which is where the new bug lies.
In other words, the patch closed one hole but opened another, because untrusted input was not fully validated on every code path it reaches.
Thorough security review of patch code is therefore essential to avoid introducing new vulnerabilities into systems.
At the start of CrackUrlFile, the URL is converted into a Windows path with PathCreateFromUrlW.
The resulting buffer is marked as dynamically allocated so that it is freed later. For ordinary drive paths this works, but while handling local device paths and removing duplicated backslashes the code advances the buffer pointer, so the pointer that is eventually freed no longer points at the start of the allocation.
To reach this code, the trigger is a file-scheme URL containing a UNC path that the parser then treats as a drive path.
In the fixed code, RtlMoveMemory copies the bytes of the path component in place instead of advancing the pointer. The full URL used to trigger the vulnerability is:
file://./UNC/C:/Akamai.com/file.wav
Akamai’s researchers also showed that Windows Explorer can be made to hit the vulnerable path through a shortcut (.lnk file) whose target is such a path.
When the victim merely opens the directory containing the shortcut, Explorer parses the target and crashes immediately; no click on the file is needed.
The findings highlight how important it is to analyze patches for possible bypasses, and other MapUrlToZone bypasses may still exist.
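The trigger above is unusual because a file: URL with host "." converts to a path in the local device namespace that then carries a drive letter inside it, which is neither a plain drive path nor a plain UNC path. The following is an added example written for this page, not Microsoft's PathCreateFromUrlW or CrackUrlFile and not Akamai's PoC: a deliberately simplified model of the URL-to-path conversion plus a classifier that a mail-scanning or forensic pipeline could apply to a PidLidReminderFileParameter value or a .lnk target. It only models the conversion and the path family; it does not reproduce the memory bug. The function and field names are assumptions, and the only trigger string used is the one quoted in the article.

```python
"""Model of how a file: URL becomes a Windows path, and which path family it lands in.

Added example: a simplified model written for this page, not Microsoft's
PathCreateFromUrlW or CrackUrlFile. TRIGGER_URL is the string quoted in the
article; everything else here is assumed for illustration.
"""
import re
from urllib.parse import unquote, urlsplit

TRIGGER_URL = "file://./UNC/C:/Akamai.com/file.wav"


def file_url_to_path(url):
    """Simplified conversion: a URL with a host becomes a UNC-style path
    (two leading backslashes, then host, then the path); a host-less URL becomes
    a drive path. Percent-encoding is decoded and slashes become backslashes."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "file":
        raise ValueError("not a file: URL")
    path = unquote(parts.path).replace("/", "\\")
    if parts.netloc:
        return "\\\\" + parts.netloc + path   # file://host/share/x -> \\host\share\x
    return path.lstrip("\\")                  # file:///C:/x -> C:\x


def path_family(path):
    """Classify the converted path the way a parser has to branch on it."""
    if path.startswith(("\\\\.\\", "\\\\?\\")):
        return "local-device"   # \\.\ or \\?\ namespace, e.g. \\.\UNC\host\share
    if path.startswith("\\\\"):
        return "unc"            # \\host\share
    if re.match(r"^[A-Za-z]:\\", path):
        return "drive"          # C:\...
    return "relative"


def assess_reminder_target(url):
    """Verdict for a URL found in a reminder-sound property or a shortcut target.
    Anything that is not a plain drive path is treated as hostile: UNC targets were
    the original NTLM-leak vector, and a device path that hides a drive letter
    behind the UNC prefix is the shape of the article's trigger."""
    path = file_url_to_path(url)
    family = path_family(path)
    reasons = []
    if family in ("unc", "local-device"):
        reasons.append(f"{family} path")
    if re.search(r"^\\\\[.?]\\UNC\\[A-Za-z]:", path):   # \\.\UNC\C: or \\?\UNC\C:
        reasons.append("drive letter inside a UNC device path")
    return {"path": path, "family": family, "block": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for u in (TRIGGER_URL, "file:///C:/Windows/Media/notify.wav", "file://fileserver/share/alert.wav"):
        print(u, "->", assess_reminder_target(u))
```

The point of the classifier is that a zone check that only asks "is this local?" is not enough: the trigger converts to a local path, yet its shape is the one the new code path mishandled, so a defender should reject reminder and shortcut targets that are not plain drive paths rather than rely on the zone verdict alone.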
The post PoC Released For Critical Zero-Click Windows Vulnerability appeared first on Cyber Security News.
Cyber Security News
Top 11 Best DNS Filtering Solutions – 2023
Before choosing a DNS filtering solution, it helps to understand what DNS filtering is and where it sits in the network.
Cybersecurity is essential in today’s digital world, and attacks happen everywhere, so you need to protect not only the company but also its employees and team members.
DNS filtering is one effective way to put a protective gateway between users and the web. What is it?
DNS (the Domain Name System) works like an internet phonebook: when you enter a domain name, your device asks a resolver for the matching IP address and then connects to that address.
DNS filtering inserts policy into that lookup. A filtering resolver refuses to answer (or returns a block page or sinkhole address) for domains that are blocked, so the connection never happens.
It gives you more control over internet access, helps prevent attacks, and can improve productivity. Note that it evaluates DNS queries, not the web traffic itself: it does not inspect page content, and it can be bypassed by connecting to an IP address directly or by using another resolver, including DNS over HTTPS, so it is normally paired with firewall rules that force clients to the filtering resolver.
Filtering can be applied per category, such as social media, news, illegal or inappropriate sites, phishing campaigns, and malicious sites.
With many businesses offering work from home since the pandemic, a filtering service that follows the user wherever they connect is valuable. Here are some of the best DNS filtering solutions.
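What a filtering resolver actually does with a query is small enough to show end to end. The following is an added example written for this page, not code from any vendor listed below: it parses a wire-format DNS query, matches the name against a category blocklist with allowlist precedence and parent-domain matching, and builds the blocked response itself (a sinkhole A record for A queries, NXDOMAIN for anything else). The block and allow lists are constructed placeholders using reserved example names, not a real threat feed, and the function names are assumptions.

```python
"""Policy decision for a DNS-filtering resolver, working on wire-format queries.

Added example, not any vendor's code. The block and allow lists are constructed
placeholders (reserved example domains), not a real threat feed.
"""
import struct

BLOCKLIST = {                        # constructed policy: domain -> category
    "malware.example": "malware",
    "phish.example": "phishing",
    "social.example": "social-media",
}
ALLOWLIST = {"cdn.social.example"}   # an allowlist entry overrides a parent-domain block
SINKHOLE_IP = "0.0.0.0"              # address handed out for blocked A queries


def parse_question(msg):
    """Return (qname, qtype, qclass, end_offset) of the first question in msg."""
    offset, labels = 12, []          # 12-byte header precedes the question
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return ".".join(labels).lower(), qtype, qclass, offset + 4


def classify(name):
    """Allowlist first, then the exact name and each parent domain in turn."""
    if name in ALLOWLIST:
        return "allow", None
    labels = name.split(".")
    for i in range(len(labels)):
        category = BLOCKLIST.get(".".join(labels[i:]))
        if category:
            return "block", category
    return "allow", None


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query (used here only to feed the filter)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def filter_query(msg):
    """Return (verdict, category, response). response is None when the query may
    be forwarded upstream; for a blocked A/IN query it is a sinkhole answer, for
    any other blocked type an NXDOMAIN, both echoing the client's ID and question."""
    txid = struct.unpack("!H", msg[:2])[0]
    qname, qtype, qclass, end = parse_question(msg)
    verdict, category = classify(qname)
    if verdict == "allow":
        return verdict, category, None
    question = msg[12:end]
    if qtype == 1 and qclass == 1:
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; one answer
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)              # name ptr -> question, A, IN, TTL 60
        rr += bytes(int(o) for o in SINKHOLE_IP.split("."))
        return verdict, category, header + question + rr
    header = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0)       # RCODE 3 = NXDOMAIN
    return verdict, category, header + question


def rcode(resp):
    return resp[3] & 0x0F


def answer_ip(resp):
    """Dotted address from the single A record appended by filter_query."""
    return ".".join(str(b) for b in resp[-4:])


if __name__ == "__main__":
    for name in ("www.malware.example", "cdn.social.example", "api.social.example", "example.org"):
        verdict, category, resp = filter_query(build_query(name))
        print(name, verdict, category, None if resp is None else answer_ip(resp))
```

An "allow" verdict means the resolver forwards the query upstream as usual; the decision never sees the HTTP request, which is why a client that talks to a different resolver (or DNS over HTTPS to a public endpoint) walks straight past it unless port 53 and known DoH endpoints are restricted at the egress.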
DNS filtering solutions and their key features:

1. Perimeter 81: secure remote access; zero-trust network architecture; software-defined perimeter; multi-factor authentication; centralized management
2. Open DNS: DNS-based web filtering; malware and botnet protection; phishing and scam protection; content filtering; customizable security categories
3. Cloudflare Gateway: secure DNS filtering; web filtering and content controls; malware and phishing protection; threat intelligence integration; granular policies and controls
4. DNSFilter: DNS-based web filtering; malware and phishing protection; content filtering and parental controls; URL categorization and blocking; threat intelligence integration
5. SafeDNS: DNS-based web filtering; malware and phishing protection; content filtering and URL blocking; customizable security policies; whitelisting and blacklisting
6. Webroot: endpoint protection; threat intelligence; behavioral analysis; real-time updates; lightweight client
7. DNSCyte: DNS-based web filtering; malware and phishing protection; content filtering and URL blocking; category-based website blocking; customizable security policies
8. Cisco Umbrella: DNS-based security; web filtering and content controls; threat intelligence integration; secure web gateway; cloud-delivered architecture
9. CIRA DNS Firewall: DNS-based security; malware and phishing protection; botnet protection; content filtering and URL blocking; threat intelligence integration
10. MXToolbox: DNS lookup and diagnostics; email deliverability testing; blacklist monitoring; SPF, DKIM, and DMARC analysis; SMTP server testing
11. ScoutDNS: DNS-based web filtering; malware and phishing protection; content filtering and URL blocking; threat intelligence integration; customizable security policies
Perimeter 81
Perimeter 81 is one of the better-known DNS filtering services.
It blocks access to malicious sites and helps prevent phishing attacks.
Its strongest feature is dynamic category-based filtering, which lets IT restrict or completely block harmful or unwanted categories such as gambling, social media, malware, and adult content.
Users receive a notice that the content they attempted to access has been blocked.
You have full control over which sites employees can reach, which makes browsing across the network safer, and you can restrict time-wasting sites such as social media to improve productivity.
The Perimeter 81 DNS filtering client is available for Windows, Mac, and Linux.
Perimeter 81 enables secure access to network resources from anywhere, so employees can connect to the company network remotely without compromising security.
It follows a Zero Trust approach, verifying and authorizing every user and device before granting access to network resources.
It implements the software-defined perimeter (SDP) model, which replaces traditional VPN solutions with a more scalable architecture.
It supports multi-factor authentication, adding an extra layer of protection to the login process.
It offers a cloud management platform that lets administrators manage and monitor the network and user access.
Pros: enhanced security; easy deployment; scalability; geographical flexibility.
Cons: reliance on internet connection; subscription-based model; limited control over infrastructure; integration challenges.
Open DNS
OpenDNS safeguards your business network with filtering that blocks malicious websites and adult content.
According to research, one in every three public grade schools in the US uses OpenDNS.
It also delivers faster resolution, and any device that uses OpenDNS is protected from a range of threats.
The OpenDNS network handles around 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.
OpenDNS protects against internet threats including malware, botnets, phishing, and ransomware.
Administrators can enforce content filtering policies that control which categories of websites users can reach.
It acts as a secure web gateway against web-based threats.
It includes phishing protection that detects and blocks phishing attempts.
Its intelligent proxy feature lets organizations inspect and control web traffic to risky domains more granularly.
Pros: improved security; content filtering; faster internet experience; easy implementation.
Cons: limited granularity; false positives and negatives; DNS requests are processed by their servers.
DNSFilter
DNSFilter protects employees from malware and phishing threats.
It detects threats and blocks them, providing enterprise-level filtering and protection.
It is a cloud-based DNS filter that protects the business and prevents intrusions.
It runs on a global network for scale and resilience.
It helps K-12 and university networks comply with CIPA.
It operates around 30 data centers across the globe.
Once configured, it begins filtering within about a minute.
You can block categories such as instant messaging, social sites, adult content, and more.
Reported problems receive immediate troubleshooting support.
DNSFilter lets organizations implement web filtering policies to control access to websites and online content.
It uses real-time threat intelligence to identify and block websites hosting malware or engaged in phishing.
It enables content filtering by category of website.
It secures DNS queries and protects against DNS-based attacks such as DNS hijacking or spoofing.
It provides detailed reporting and analytics on internet usage, giving administrators insight into browsing activity and potential security threats.
Pros: advanced threat protection; granular content filtering; custom block lists and whitelisting; fast and reliable DNS resolution.
Cons: dependency on DNS; potential false positives and negatives; single point of failure; subscription-based model.
Cloudflare Gateway
Cloudflare Gateway centralizes firewalling and traffic control without slowing down your site.
It provides comprehensive security with strong performance.
It blocks threats such as phishing campaigns and crypto-mining.
With SSL inspection you can control encrypted traffic and stop downloads of harmful files.
Any threat that originates from a site can be blocked.
The gateway also reveals unapproved SaaS application usage.
It offers broad visibility into web traffic and can be used from any location.
Cloudflare Gateway lets organizations enforce web filtering policies to control access to websites and online content.
It uses threat intelligence and machine learning to detect and block websites hosting malware or engaged in phishing.
It uses DNS filtering to block malicious domains and known threat sources.
Beyond blocking malicious content, it lets organizations restrict access to certain types of content.
It supports SSL/TLS inspection, so encrypted web traffic can be inspected and analyzed.
Pros: scalable and global infrastructure; secure web access; threat intelligence; unified dashboard and analytics.
Cons: dependency on Cloudflare’s infrastructure; false positives and negatives; limited granularity.
SafeDNS
SafeDNS is another solid option for strengthening security.
It protects your internal network, including Wi-Fi hotspots, and gives users safe browsing.
It can also protect large public events and cope with the heavy traffic they generate.
It offers a categorized database and a cloud-based filtering service.
The system automatically detects botnets and malware quickly.
It automatically blocks adult content and other harmful content.
Its servers are reached through BGP routing, which keeps resolution fast.
SafeDNS lets organizations implement web filtering policies to control access to websites and online content.
It uses real-time threat intelligence and anti-malware databases to identify and block websites hosting malware or involved in phishing.
It enables content filtering by category of website.
It detects and blocks connections to known command-and-control (C&C) servers used by botnets.
It includes a DNS firewall that protects against DNS-based attacks such as DNS hijacking or amplification, detecting and blocking suspicious or malicious DNS queries to keep resolution secure and accurate.
Pros: web content filtering; malicious website blocking; customizable filtering policies; fast DNS resolution.
Cons: single point of failure; limited granularity; potential false positives and negatives.
Webroot
Webroot is a good choice when you want full visibility and protection at the DNS layer.
It enforces internet policies to reduce security risk.
This fully cloud-based service takes only a few minutes to deploy.
Many business threats can be addressed by configuring policies by IP address, device, and group.
It automatically blocks dangerous sites.
It supports DNS over HTTPS (DoH) and IPv6, preparing the network for next-generation internet protocols.
It covers security, admin control, privacy, and visibility, and its network spans more than 16 global locations.
Webroot also offers endpoint protection for desktops, laptops, and servers against malware, ransomware, and other threats.
It provides secure web browsing features that stop users from reaching malicious websites.
Webroot DNS Protection guards against DNS-based attacks and adds another layer of security for web browsing.
Webroot continuously monitors and analyzes the global threat landscape through its threat intelligence network.
Its security solutions include advanced threat detection capabilities.
Pros: lightweight and fast; effective malware detection; web-based management console; real-time threat intelligence.
Cons: limited features; dependency on internet connectivity; management console complexity.
DNSCyte
DNSCyte, from CyberCyte, is a cloud-based security service that uses machine learning to block online threats immediately.
It draws on a large threat database to act against malicious activity.
It prevents harmful requests from reaching their destination IP address and protects both before and after infection.
It also tightens security on ports and protocols.
It sits in front of the local DNS server and receives queries first.
After analyzing a query it forwards it to the local DNS; it handles the categorization and identification of traffic.
DNSCyte provides management capabilities to configure and manage DNS records, including A, CNAME, MX, TXT, and more.
It offers DNS filtering to enforce content restrictions, block malicious websites, and prevent access to inappropriate or unsafe content.
It provides detailed analytics and reporting on DNS traffic, giving insight into usage patterns, potential security threats, and network performance.
It lets you create and manage blacklists to block specific domains or IP addresses known to be malicious or unwanted.
It lets you create and manage whitelists to explicitly allow approved domains or IP addresses.
Pros: enhanced security; content filtering; reporting and analytics.
Cons: false positives and negatives; dependency on DNS; single point of failure.
Cisco Umbrella
Cisco Umbrella helps you manage internet access and keep the organization safe with DNS filtering, request blocking, SafeSearch enforcement, and more.
It covers 80+ content categories and offers preset high, moderate, and low filtering levels, which you can customize with your own lists.
It allows bulk uploads and unlimited list entries for easy administration. You can also apply restricted-mode filtering to YouTube, Bing, and Google so that users reach only productive content.
Cisco Umbrella provides DNS security by blocking access to malicious domains and preventing connections to known threat sources.
It acts as a secure web gateway against web-based threats.
It includes a cloud-delivered firewall with granular control over network traffic.
It integrates with various threat intelligence feeds and security platforms to enhance detection.
Its intelligent proxy feature lets organizations enforce policies for specific websites or categories.
Pros: DNS-based protection; global threat intelligence; secure web access; integration with Cisco security solutions.
Cons: complexity and learning curve; pricing and licensing; dependency on internet connectivity.
CIRA DNS Firewall
CIRA DNS Firewall is a Canadian cybersecurity service that protects against malware.
It blocks access to malicious websites at the DNS layer.
It combines data science with a global network that detects threats, and it protects critical infrastructure cost-effectively.
It provides multiple additional threat feeds that give in-depth visibility when a threat is present.
On average it blocks 100,000 net new malicious URLs every day.
According to CIRA, it can detect a new threat within 14 minutes.
The CIRA DNS Firewall lets organizations implement DNS filtering policies to control website access and online content.
It uses real-time threat intelligence to detect and block connections to websites hosting malware or involved in phishing.
It detects and blocks connections to known command-and-control (C&C) servers used by botnets.
It provides analytics and reporting capabilities.
It integrates with various threat intelligence feeds and security platforms to enhance detection.
Pros: enhanced security; Canadian data sovereignty; real-time threat intelligence; simple implementation.
Cons: limited feature set; dependency on DNS; granularity limitations.
MXToolbox
MXToolbox is included here for its DNS and email deliverability tooling. It is a diagnostics service rather than a filtering resolver, so it complements the products above rather than replacing them. It has more than a decade of experience helping companies of all sizes deliver email.
It acts as a delivery center with a comprehensive view of mail sent from your domain.
It also looks up sender IPs and the geolocation of senders.
It checks whether your IP or domain appears on public blacklists and verifies your SPF, DKIM, and DMARC records.
This helps improve deliverability and monitor your mail so that you stay in control of it.
MXToolbox provides DNS tools such as DNS lookup, DNS traversal, DNS record verification, and reverse DNS lookup for analyzing and troubleshooting domain configurations.
You can run email delivery tests, including SMTP server availability, mail server configuration checks, test deliveries to specific addresses, and checks for common delivery problems.
MXToolbox lets you check whether your IP address or domain is listed on any major email blacklist.
SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are the email authentication mechanisms it validates.
MXToolbox offers SMTP diagnostics: SMTP connectivity tests, banner checks, TLS setting checks, and simulated sends via SMTP.
Pros: blacklist monitoring; educational resources; email deliverability monitoring; comprehensive toolset.
Cons: user interface complexity; limited automation; dependency on external services; lack of real-time monitoring.
ScoutDNS
ScoutDNS is a cloud-based content filtering service that protects your network from malware.
It operates at the DNS layer.
It combines content data feeds with DNS-layer insights.
It is designed around the network administrator’s needs, so the network can be protected efficiently.
ScoutDNS identifies threats and protects systems from DNS-layer attacks.
ScoutDNS provides content filtering that lets you block categories of websites or individual domains (DNS filtering sees domain names, not full URLs).
It blocks known malicious websites, preventing users from reaching sites that may host malware or be used for phishing.
It enforces safe search on popular search engines such as Google, Bing, and Yahoo.
By working at the DNS layer, ScoutDNS adds a layer of security before a connection is ever made.
It offers detailed reporting and analytics to help administrators monitor network activity.
Pros: enhanced security; content filtering; customization and flexibility; easy deployment and management.
Cons: false positives and negatives; overblocking or underblocking; limited network-level control.
This article should have given you a better idea of DNS filtering solutions and why they matter.
Pick the one that fits your environment and deploy it to protect your business.
Beyond security, DNS filtering can also improve productivity.
The post Top 11 Best DNS Filtering Solutions – 2023 appeared first on Cyber Security News.