Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains

January 23, 2019
in Internet Privacy
DHS Orders U.S. Federal Agencies to Audit DNS Security for Their Domains
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Credit: The Hacker News

The U.S. Department of Homeland Security (DHS) has today issued an “emergency directive” to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days.

You might also like

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with “moderate confidence” believe originated from Iran.

Domain Name System (DNS) is a key function of the Internet that works as an Internet’s directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com).

What is DNS Hijacking Attack?

DNS hijacking involves changing DNS settings of a domain, redirecting victims to an entirely different attacker-controlled server with a fake version of the websites they are trying to visit, often with an objective to steal users’ data.

“The attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls,” the DHS advisory reads.

The threat actors have been able to do so by capturing credentials for admin accounts that can make changes to DNS records. Since the attackers obtain valid certificates for the hijacked domain names, having HTTPS enabled will not protect users.

“Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data,” the directive reads.

Recent DNS Hijacking Attacks Against Government Websites

Earlier this month, security researchers from Mandiant FireEye reported a series of DNS hijacking incidents against dozens of domains belonging to the government, internet infrastructure, and telecommunications entities across the Middle East and North Africa, Europe and North America.

The DHS advisory also states that the “CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.”

At the end of last year, researchers at Cisco Talos also published a report of a sophisticated malware attack that compromised domain registrar accounts for several Lebanon and the United Arab Emirates (UAE) government and public sector websites.

DHS Orders Federal Agencies to Audit DNS Security for Their Domains

The DHS orders federal agencies to:

  • audit public DNS records and secondary DNS servers for unauthorized edits,
  • update their passwords for all accounts on systems that can be used to tamper DNS records,
  • enable multi-factor authentication to prevent any unauthorized change to their domains, and
  • monitor certificate transparency logs.

For those unaware, Certificate Transparency (CT) is a public service that allows individuals and companies to monitor how many digital certificates have been issued by any certificate authority secretly for their domains.

The Cyber Hygiene service of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will also begin a regular delivery of newly added certificates to CT log for US federal agency domains.

Once the CISA starts distributing these logs, government agencies are required to immediately begin monitoring their CT log data for issued certificates that they did not request. If any agency found any unauthorized certificate, it must be reported to the issuing certificate authority and the CISA.

Agencies, except the Department of Defense, the Central Intelligence Agency (CIA) and the Office of the Director of National Intelligence, have 10 days to implement the directives.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

[New Book] Unblocked: How Blockchains Will Change Your Business

Next Post

Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency

Related Posts

Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Internet Privacy

Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

February 26, 2021
North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware
Internet Privacy

North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

February 26, 2021
Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Internet Privacy

Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

February 26, 2021
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Internet Privacy

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021
Next Post
Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency

Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Machine Learning as a Service (MLaaS) Market 2020 Emerging Trend and Advancement Outlook 2025
Machine Learning

Key Company Profile, Production Revenue, Product Picture and Specifications 2025

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
New AI Machine Learning Reduces Mental Health Misdiagnosis
Machine Learning

Machine Learning May Reduce Mental Health Misdiagnosis

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
AI & ML Are Not Same. Here's Why – Analytics India Magazine
Machine Learning

AI & ML Are Not Same. Here's Why – Analytics India Magazine

February 27, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit February 28, 2021
  • Key Company Profile, Production Revenue, Product Picture and Specifications 2025 February 28, 2021
  • Cybercrime groups are selling their hacking skills. Some countries are buying February 28, 2021
  • Machine Learning May Reduce Mental Health Misdiagnosis February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates