DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality.
What is DNS?
The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites.
Most users use DNS resolver services provided by their internet service provider (because they are automatically configured) or a public DNS provider like Google or Cloudflare.
DNS4EU is meant to be a resilient, fast, reliable, secure, privacy-friendly and EU-based alternative for those.
The goal of DNS4EU
DNS4EU is an initiative co-funded by the European Union and supported by the European Union Agency for Cybersecurity (ENISA), though the service is expected to be commercialised, “since it has to be sustainable without operational costs from the EU after 2025.”
It is developed and managed by a consortium of private cybersecurity companies, CERTs, and academic institutions from 10 European Union countries, with Czech cybersecurity company Whalebone as its leader.
“The DNS4EU initiative aligns with the EU’s strategic goal of enhancing its digital autonomy by providing an alternative to the existing public DNS services provided by non-european entities,” says the group.
Large-scale phishing attacks use DoH and DNS MX records to dynamically serve fake login pages
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for…
We recently performed research that started off "well-intentioned" (or as well-intentioned as we ever are) - to make vulnerabilities in WHOIS clients and how they parse responses from WHOIS servers exploitable in the real world (i.e. without needing to MITM etc).
As part of our research, we discovered that a few years ago the WHOIS server for the .MOBI TLD migrated from whois.dotmobiregistry.net to whois.nic.mobi – and the dotmobiregistry.net domain had been left to expire seemingly in December 2023.
Vint Cerf revealed Google already uses the string, as do plenty of others
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars,…
TuDoor is a new DNS attack, which could be exploited to carry out DNS cache poisoning, denial-of-service, and resource consuming.
DNS can be compared to a game of chess in that its rules are simple, yet the possibilities it presents are endless. While the fundamental rules of DNS are straightforward, DNS implementations can be extremely complex. In this study, we intend to explore the complexities and vulnerabilities in DNS response pre-processing by systematically analyzing DNS RFCs and DNS software implementations.
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers.
On fait souvent remarquer que c'est pendant les pannes qu'on peut le mieux observer comment un système marche. Les perturbations qui affectent le serveur racine du DNS identifié par la lettre C sont donc l'occasion d'apprendre comment fonctionne ce système des serveurs racine.
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.
Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites.
The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.
Learn how the threat actor Savvy Seahorse Facebook ads to lure users to fake investment platforms and leverages DNS to allow their attacks to persist for years.
he National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware.
This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.
La loi de programmation militaire prévoit que l'autorité n'aura pas besoin d'une décision de justice. Un contrôle sera réalisé a posteriori par l'Arcep.
A potentially precedent-setting legal case involving Sony Music and Quad9 may endanger internet freedom of speech and allow unchecked content censorship.
Hidden DNS resolvers and how to compromise your infrastructure
