mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Server stats:

9.7K
active users

#pdns

0 posts0 participants0 posts today

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa

Last week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens.

Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies.

Here are a few samples of the domains:

- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil.
- creo--ia[.]com Lookalike for an industrial fabrication firm in WA State.
- admiralsmetal[.]com Lookalike for US based metals provider.
- ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor.
- elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #phishing #malware #scam #dod

Dear Fediverse,

PowerDNS-Admin appears to be deprecated in favour of pda-next which hasn't seen any work in nigh on a year. NixOS is keeping it limping along; but there're more and more cracks appearing.

Does anyone have a recommendation for an alternative web interface for administering PowerDNS ?

Glad to see that Verisign plans ahead for a #DNSSEC algorithm rollover for the com. TLD. The plan is to discard algorithm 8 (RSA/SHA256) and instead deploy algorithm 13 (ECDSA/SHA-256). Great to see that the largest TLD of planet earth moving towards algorithms with smaller key sizes.

I checked my #pdns database of my public resolvers. To give a comparison for the size reduction (and the reduction of DNS R/A potential):

com., signed with algorithm 8 returned close to 936 bytes of data.
nl., signed with algorithm 13 returns 289 bytes of data.

This is a reduction of ~70% of the response sizes for DNSSEC validation.

The rollover is to be expected on or around December 07. More on it in their blog.

Verisign Blog · Verisign Will Help Strengthen Security with DNSSEC Algorithm Update - Verisign BlogAn important security enhancement will change the algorithm Verisign uses to sign top-level domains (TLDs) with Domain Name System Security Extensions (DNSSEC).

in case you missed it on the bird website. I've written a funky little chrome plugin (other browsers coming soon) that will harvest your DNS requests out of your browser and fire them to an API which in turn will log them in Elasticsearch all local, but could be turned into something much much better.

I'm looking to go down the road of a crowd pDNS collection platform that respects privacy by doing as much as possible to separate you from your data, no email/phone based accounts, submissions over a baked in Tor client and the ability to filter hosts out by keywords before anything is pushed to the API (this already exists, right click > options)

There is scope to write a couple of binary clients to pop a collector on your egress firewalls or even your Android device

github.com/olihough86/pdnscoll

tags

GitHubGitHub - olihough86/pdnscollect: Browser extension and local listener PoC for collecting your own DNS data while browsingBrowser extension and local listener PoC for collecting your own DNS data while browsing - GitHub - olihough86/pdnscollect: Browser extension and local listener PoC for collecting your own DNS data...