Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.
Meanwhile during the U.S. Government shutdown ...

DHS: Multiple US gov domains hit in serious DNS hijacking wave

Amid a partial shutdown, DHS gives admins 10 business days to lock down their DNS.

The Department of Homeland Security has issued an emergency directive ordering administrators of most federal agencies to protect their Internet domains against a rash of attacks that have hit executive branch websites and email servers in recent weeks.

The DHS' Cybersecurity and Infrastructure Security Agency (CISA) issued the directive on Tuesday, 12 days after security firm FireEye warned of an unprecedented wave of ongoing attacks that altered the domain name system records belonging to telecoms, ISPs, and government agencies. DNS servers act as directories that allow one computer to find other computers on the Internet. By tampering with these records, attackers can potentially intercept passwords, emails, and other sensitive communications.

"CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them," CISA Director Christopher C. Krebs wrote in Wednesday's emergency directive.

Homeland Security Press Releases


The emergency directive, which carries more urgency than DHS's more-common Binding Operational Directives, requires agencies to add multi-factor authentication to their DNS accounts, change account passwords, audit their DNS records, and monitor certificate logs, according to the order. Agencies have 10 business days to implement those instructions.

Agencies can manage their DNS records in-house, outsource the work to a commercial provider, or have a mix of both. The directive makes clear that agencies will ultimately be held accountable for their domain-name security policies, regardless of where they maintain their DNS accounts.

The DHS order follows research published earlier this month by cybersecurity company FireEye, showing how hackers were manipulating DNS records to divert a target's traffic through malicious servers. The campaign was aimed at organizations in the Middle East, North Africa, Europe, and North America, including government and commercial organizations. FireEye researchers asserted with "moderate confidence" that people based in Iran carried out that DNS hijacking, and that the "activity aligns with Iranian government interests."

There is also mention in The Netherlands of an advanced phishing technique ...

Modlishka - The New Phishing Tool that Targets 2FA

Global Warming - distance between America and Europe is steadily increasing.

by Oui on Sat Jan 26th, 2019 at 12:23:15 PM EST
