dns
Sea Turtle Keeps on Swimming
By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our i…
DNSpionage brings out the Karkoff
In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control (C2). Since then, there have been several other public reports of addi…
DNS Hijacking Abuses Trust In Core Internet Service
This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign,…
DNSpionage Campaign Targets Middle East
This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it’s clear that…
Debunking the myths of DNS security
For years, we’ve been pioneering the use of DNS to enforce security. We recognized that DNS was often a blind spot for organizations and that using DNS to enforce security was both practical and effective. Why? Because DNS isn’t optional. It’s foundational to how the internet works and is used b…
Cisco Umbrella Branch: the Fastest, Easiest Security for Branches
As an organization, providing secure guest and corporate Internet access at the branch can be a major challenge. Not only do you have to protect the enterprise, you also have to protect your customer. Protection is good… but it also needs to be simple to deploy, easy to manage, and integrates seamle…
Detection in Depth
Defense in depth is a well understood and widely implemented approach that can better secure your organization’s network. It works by placing multiple layers of defense throughout the network to create a series of overlapping and redundant defenses. If one layer fails, there will still be other defe…
Overcoming the DNS “Blind Spot”
[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring D…
ACI and Infoblox DDI Deliver Highly Automated, Secure, Reliable Core Network Services
Modern demands in virtualization, cloud, and the Internet of Things are shifting the network landscape and require advanced solutions to manage critical network services across physical, virtual, and cloud environments. Recently, I had the opportunity to speak with InfoBlox’s Chief Technology…