dns

By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our i…

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control(C2). Since then, there have been several other public reports of addi…

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign,…

This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. Based on our research, it’s clear that…

For years, we’ve been pioneering the use of DNS to enforce security. We recognized that DNS was often a blind spot for organizations and that using DNS to enforce security was both practical and effective. Why? Because DNS isn’t optional. It’s foundational to how the internet works and and is used b…

As an organization, providing secure guest and corporate Internet access at the branch can be a major challenge. Not only do you have to protect the enterprise, you also have to protect your customer. Protection is good… but it also needs to be simple to deploy, easy to manage, and integrates seamle…

Defense in depth is a well understood and widely implemented approach that can better secure your organization’s network. It works by placing multiple layers of defense throughout the network to create a series of overlapping and redundant defenses. If one layer fails, there will still be other defe…

[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring D…

Modern demands  in virtualization, cloud, and the Internet of Things are shifting the network landscape and require advanced solutions to manage critical network services across physical, virtual, and cloud environments. Recently, I had the opportunity to speak with InfoBlox’s Chief Technology…