est.social

1 postitusega1 osalejaga0 postitust täna

Infoblox Threat IntelGoing to RSA? We’re giving a 2 hour hands-on learning lab on traffic distribution systems (TDS). Malicious actors use these to hide their activity from security teams and deliver tailored content to victims. Not going to RSA? We’ve written a number of articles on this topic (some included below) and we’re happy to answer questions about TDSs here on Mastodon. <a href="https://blogs.infoblox.com/threat-intelligence/from-click-to-chaos-bouncing-around-in-malicious-traffic-distribution-systems/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/from-click-to-chaos-bouncing-around-in-malicious-traffic-distribution-systems/</a> <a href="https://www.infoblox.com/resources/webinars/dns-threat-briefing-q1-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/dns-threat-briefing-q1-2025/</a> <a href="https://www.infoblox.com/resources/webinars/traffic-distribution-systems-at-the-heart-of-cybercrime/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/traffic-distribution-systems-at-the-heart-of-cybercrime/</a> <a href="https://www.infoblox.com/resources/webinars/the-big-ruse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/the-big-ruse/</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/RSAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RSAC</a> <a href="https://infosec.exchange/tags/RSAC25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RSAC25</a>

Infoblox Threat IntelOne of our researchers recently received a text from an unknown number saying they were eligible to receive a full refund for an Amazon order. The message contained a link to a URL on t[.]co, Twitter/X's link shortener. Clicking the link led to the domain 267536[.]cc, which hosted an Amazon phishing page.From this lead, we were able to find many more domains hosting the same content. The actor registering the domains seems to like .cc, the country code TLD for the Cocos Islands.Sample of the domains: 236564[.]cc 267536[.]cc 671624[.]cc 687127[.]cc 319632[.]cc<a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sms</a> <a href="https://infosec.exchange/tags/smishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smishing</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a>

Infoblox Threat IntelMalicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware. Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments. One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records. Block these:user2ilogon[.]es viewer-ssa-gov[.]es wellsffrago[.]com nf-prime[.]com deilvery-us[.]com wllesfrarqo-home[.]com nahud[.]com. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/ssa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssa</a>

Infoblox Threat IntelLast week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens. Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies. Here are a few samples of the domains:- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil. - creo--ia[.]com Lookalike for an industrial fabrication firm in WA State. - admiralsmetal[.]com Lookalike for US based metals provider. - ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor. - elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/dod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dod</a>

Christoffer S.(infoblox.com) Morphing Meerkat: Advanced Phishing-as-a-Service Platform Using DNS MX Records for Tailored Attacks <a href="https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/</a>This report details the discovery of a sophisticated Phishing-as-a-Service (PhaaS) platform called 'Morphing Meerkat' that has been operating for at least five years. The platform leverages DNS mail exchange (MX) records to dynamically serve fake login pages tailored to victims' email providers, spoofing over 100 brands. The threat actor behind this operation sends thousands of spam emails, primarily through specific ISPs, exploits open redirects on adtech infrastructure, compromises WordPress sites, and uses multiple credential exfiltration methods including Telegram. The phishing kit includes advanced evasion techniques such as code obfuscation, anti-analysis measures, and dynamic translation capabilities supporting over a dozen languages to target users globally.<a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/Infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infoblox</a> <a href="https://swecyb.com/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhaaS</a> <a href="https://swecyb.com/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://swecyb.com/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://swecyb.com/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wordpress</a>

Viimatised otsingud

Otsimisvalikud

Administraator:

Serveri statistika:

#infoblox