The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.

The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.

The recent FBI-led operation to knock Russian government hackers off routers sought to topple an especially insidious and threateningly contagious cyberespionage campaign, top bureau cyber official Brett Leatherman told CyberScoop.

Researchers, along with U.S. and foreign government agencies, revealed details of the campaign this week by which APT28 — also known as Forest Blizzard or Fancy Bear, and attributed to Russia’s Main Intelligence Directorate of the General Staff (GRU) — compromised more 18,000 TP-Link routers and infiltrated more than 200 organizations worldwide. 

The compromise of routers used in small and home offices prompted the takedown operation, Operation Masquerade, which involved sending commands to the routers to reset Domain Name System (DNS) settings to prevent the hackers from exploiting that access.

“What’s unique to me in this one is that when you change the internet settings in a router like they did, it propagates to all the devices in your house,” Leatherman, assistant director of the FBI’s cyber division, said. “All those devices now, once they’re connected to that Wi-Fi, are getting the malicious IP addresses that they are then routing their traffic through, and it gives the Russian GRU tremendous access to the content offered through a router itself.”

“The difficulty in an attack like this is that it’s virtually invisible to the end users,” he said. “Actors were not deploying malware like we often see. And so when you think about endpoint detection on your computer or something like that, it’s not seeing that activity because they don’t have to. They’re using the tools on the router itself to capture your internet traffic and extend it  throughout the house, and so traditional tools that detect that activity [are] just not there.”

The disruption operation is in line with the cyber strategy the Trump administration published last month, with its emphasis on going on offense against malicious hackers and protecting critical infrastructure, Leatherman said.

The FBI understands its role in implementing that strategy, he said, and worked with the Office of the National Cyber Director and other agencies in developing it. The White House has kept the public and Capitol Hill in the dark about strategy implementation, however.

“We’ve got a long track record of leveraging unique authorities and capabilities to counter these actors, to impose costs, and through the 56 field offices to really defend critical infrastructure,” Leatherman said. “That’s part of our DNA, really. And so we want to make sure that we continue to align that in the most scalable and agile way we can, to align with the priorities of the strategy itself.”

Leatherman traced how Operation Masquerade — the success of which he credited to the FBI’s Boston offices and partnerships with the private sector and foreign governments — fits into a series of disruptions aimed at Russian government hackers dating back to 2018.

That’s when the bureau took on the VPNFilter botnet by seizing a domain used to communicate with infected routers. In 2022, the FBI took on the Cyclops Blink botnet, and in 2024, Operation Dying Ember went after another botnet.

“”Over the course of those four operations, while the adversary continued to evolve in their tradecraft, so did we,” Leatherman said. “We moved from just sinkholing domains to actually taking steps that block them at the door of these routers, pulled any capability off of those routers so they were no longer able to collect the sensitive information, and then prohibited them from getting back in.”

The post Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’ appeared first on CyberScoop.

Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.

The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators.

Google said on Thursday that Lighthouse had been shut down. Two other organizations that have tracked the suspected Chinese operators of Lighthouse said they saw signs it had at least been disrupted.

“This shut down of Lighthouse’s operations is a win for everyone,” said Halimah DeLaine Prado, general counsel at Google. “We will continue to hold malicious scammers accountable and protect consumers.”

Members of the syndicate, known to some by the name Smishing Triad, had been corresponding on Telegram channels.

“We can confirm that all Lighthouse Telegram channels previously tracked have been deleted or taken down due to Telegram TOS violations,” Kasey Best, the director of threat intelligence at Silent Push, told CyberScoop. “We are tracking many websites still active and using Lighthouse kit code, as well as phishing kits used by other Smishing Triad threat actors, but there could be backend changes with Lighthouse or other disruptions in this criminal ecosystem which are just starting to be seen.

“Either way, this is a positive sign for Google’s lawsuit, and we look forward to increased pressure against smishing threat actors based mostly in China,” Best continued.

Ford Merrill, lead researcher at SecAlliance, told CyberScoop that it “can confirm that several domains historically associated with Lighthouse infrastructure appear to no longer be resolving to DNS requests at present.”

Google filed its lawsuit in the U.S. District Court for the Southern District of New York. They allege that 25 unnamed individuals behind Lighthouse have violated racketeering, trademark and anti-hacking laws with their prolific SMS phishing, or “smishing,” platform.

The post Google, researchers see signs that Lighthouse text scammers disrupted after lawsuit appeared first on CyberScoop.

Melissa Bruno // So you have an Internet-facing DNS server. Maybe you decided to set one up at home for fun, or your company has one that works with other […]

The post Do You Know If Your DNS Server Can Be Used For DDoS Attacks? appeared first on Black Hills Information Security, Inc..

Click on the timecodes to jump to that part of the video (on YouTube) 2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate […]

The post Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail – eavesarp (Tool Overview) appeared first on Black Hills Information Security, Inc..

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc..

Rick Wisser // All right, you’ve taken all the precautions related to your network. You have lockout controls in place, you use awesome password policies (20 characters with uppercase, lowercase, […]

The post Are you Snoopable?! appeared first on Black Hills Information Security, Inc..