<?xml version="1.0" encoding="utf-8"?> <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/"> <channel> <title><![CDATA[CircleID]]></title> <link>https://circleid.com/topics/dns-security</link> <description>CircleID - DNS Security</description> <dc:language>en</dc:language> <dc:rights>Copyright 2025, unless where otherwise noted.</dc:rights> <dc:date>2025-03-12T18:02:00+00:00</dc:date> <item> <title><![CDATA[Malicious Ads Targeting Advertisers in the DNS Spotlight]]></title> <link>https://circleid.com/posts/malicious-ads-targeting-advertisers-in-the-dns-spotlight</link> <guid isPermaLink="true">https://circleid.com/posts/malicious-ads-targeting-advertisers-in-the-dns-spotlight</guid> <description><![CDATA[Microsoft and Google almost always land on the list of most-phished brands, and that is not surprising given their huge market presence. And phishers are often the most likely threat actors to bank on the brands' popularity for the success of their attacks.]]></description> <dc:date>2025-03-21T12:05:00-07:00</dc:date> </item> <item> <title><![CDATA[The 2024-2026 Root Zone KSK Rollover: Initial Observations and Early Trends]]></title> <link>https://circleid.com/posts/the-2024-2026-root-zone-ksk-rollover-initial-observations-and-early-trends</link> <guid isPermaLink="true">https://circleid.com/posts/the-2024-2026-root-zone-ksk-rollover-initial-observations-and-early-trends</guid> <description><![CDATA[On Jan. 11, 2025, Verisign supported the Internet Corporation for Assigned Names and Numbers (ICANN) in taking a major step to ensure the continued security, stability, and resiliency of the Domain Name System (DNS). 
While imperceptible to most users, this action - specifically, the introduction of a new Domain Name System Security Extensions (DNSSEC) Key Signing Key (KSK) in the root zone - is the next step of a multi-year-long process to change, or "roll," the cryptographic key that secures the root of the DNS.]]></description> <dc:date>2025-03-19T11:29:00-07:00</dc:date> </item> <item> <title><![CDATA[Sneaking a Peek into the Inner DNS Workings of Sneaky 2FA]]></title> <link>https://circleid.com/posts/sneaking-a-peek-into-the-inner-dns-workings-of-sneaky-2fa</link> <guid isPermaLink="true">https://circleid.com/posts/sneaking-a-peek-into-the-inner-dns-workings-of-sneaky-2fa</guid> <description><![CDATA[Sneaky 2FA, believed to be sold via the phishing-as-a-service (PhaaS) business model, recently figured in an adversary-in-the-middle (AitM) attack targeting Microsoft 365 users. Marketed as Sneaky Log by a full-featured bot on Telegram, Sneaky 2FA reportedly used fake Microsoft authentication pages with automatically filled-in email address fields to add to its sense of authenticity.]]></description> <dc:date>2025-03-18T10:39:00-07:00</dc:date> </item> <item> <title><![CDATA[Unloading MintsLoader IoCs Using DNS Intelligence]]></title> <link>https://circleid.com/posts/unloading-mintsloader-iocs-using-dns-intelligence</link> <guid isPermaLink="true">https://circleid.com/posts/unloading-mintsloader-iocs-using-dns-intelligence</guid> <description><![CDATA[Several American and European organizations across the energy, oil and gas, and legal sectors were recently targeted by a campaign leveraging MintsLoader, a malware loader that delivers malicious software to a victim's device.]]></description> <dc:date>2025-03-10T13:52:00-07:00</dc:date> </item> <item> <title><![CDATA[DNS Spotlight: Rockstar2FA Shuts Down, FlowerStorm Starts Up]]></title> <link>https://circleid.com/posts/dns-spotlight-rockstar2fa-shuts-down-flowerstorm-starts-up</link> <guid 
isPermaLink="true">https://circleid.com/posts/dns-spotlight-rockstar2fa-shuts-down-flowerstorm-starts-up</guid> <description><![CDATA[It's not unusual for threat actors to pick up after fellow cyber attackers shut down their operations. Many of them still want to cause as much trouble without having to start from scratch - building their own malicious creations and infrastructure.]]></description> <dc:date>2025-03-08T09:56:00-08:00</dc:date> </item> <item> <title><![CDATA[DNS Deep Dive: Peeking into Back Doors to Abandoned but Live Backdoors]]></title> <link>https://circleid.com/posts/dns-deep-dive-peeking-into-back-doors-to-abandoned-but-live-backdoors</link> <guid isPermaLink="true">https://circleid.com/posts/dns-deep-dive-peeking-into-back-doors-to-abandoned-but-live-backdoors</guid> <description><![CDATA[watchTowr Labs investigated thousands of abandoned but live backdoors installed on various compromised sites to determine what data the original backdoor owners have stolen. They published their findings in "Backdooring Your Backdoors -- Another $20 Domain, More Governments" and, in the process, identified 34 domains as indicators of compromise (IoCs).]]></description> <dc:date>2025-03-03T09:55:00-08:00</dc:date> </item> <item> <title><![CDATA[DNS Insights on a Free Form Builder Service Phishing Campaign]]></title> <link>https://circleid.com/posts/dns-insights-on-a-free-form-builder-service-phishing-campaign</link> <guid isPermaLink="true">https://circleid.com/posts/dns-insights-on-a-free-form-builder-service-phishing-campaign</guid> <description><![CDATA[Unit 42 of Palo Alto Networks recently uncovered a phishing campaign targeting European companies to harvest victims' account credentials and take over their Microsoft Azure cloud infrastructure. 
According to their report, the phishing attempts leveraging the HubSpot Free Form Builder service peaked in June 2024.]]></description> <dc:date>2025-02-24T12:38:00-08:00</dc:date> </item> <item> <title><![CDATA[More Signs of the more_eggs Backdoor Found in the DNS]]></title> <link>https://circleid.com/posts/more-signs-of-the-more-eggs-backdoor-found-in-the-dns</link> <guid isPermaLink="true">https://circleid.com/posts/more-signs-of-the-more-eggs-backdoor-found-in-the-dns</guid> <description><![CDATA[Using resumes to fake job applications is not a novel social engineering lure for run-of-the-mill phishing campaigns. But utilizing the same tactic to launch a targeted attack isn't that common.]]></description> <dc:date>2025-02-20T07:58:00-08:00</dc:date> </item> <item> <title><![CDATA[Illuminating Lumma Stealer DNS Facts and Findings]]></title> <link>https://circleid.com/posts/illuminating-lumma-stealer-dns-facts-and-findings</link> <guid isPermaLink="true">https://circleid.com/posts/illuminating-lumma-stealer-dns-facts-and-findings</guid> <description><![CDATA[The Lumma Stealer, known for using the malware-as-a-service (MaaS) model, has figured in various campaigns targeting victims in countries like Argentina, Colombia, the U.S., the Philippines, and others since 2022.]]></description> <dc:date>2025-02-17T11:23:00-08:00</dc:date> </item> <item> <title><![CDATA[How to Convince Your Boss to Deploy DNSSEC and RPKI?]]></title> <link>https://circleid.com/posts/how-to-convince-your-boss-to-deploy-dnssec-and-rpki</link> <guid isPermaLink="true">https://circleid.com/posts/how-to-convince-your-boss-to-deploy-dnssec-and-rpki</guid> <description><![CDATA[At the Internet Governance Forum (IGF) 2024 in Riyadh, the Internet Standards, Security and Safety Coalition (IS3C) released a new tool: 'To deploy or not to deploy, that's the question. How to convince your boss to deploy DNSSEC and RPKI'. 
In this report, IS3C advocates mass deployment of these two newer generation, security-related internet standards, as their deployment contributes significantly to the safety and security of all internet users.]]></description> <dc:date>2025-02-10T05:45:00-08:00</dc:date> </item> <item> <title><![CDATA[The MOONSHINE Exploit Kit and the DarkNimbus Backdoor in the DNS Spotlight]]></title> <link>https://circleid.com/posts/the-moonshine-exploit-kit-and-the-darknimbus-backdoor-in-the-dns-spotlight</link> <guid isPermaLink="true">https://circleid.com/posts/the-moonshine-exploit-kit-and-the-darknimbus-backdoor-in-the-dns-spotlight</guid> <description><![CDATA[The Earth Minotaur threat group recently revived the MOONSHINE exploit kit, first discovered in 2019. According to Trend Micro's in-depth analysis, MOONSHINE had more than 55 servers in 2024 and has been updated with more exploits and functions compared with its 2019 version.]]></description> <dc:date>2025-02-05T11:15:00-08:00</dc:date> </item> <item> <title><![CDATA[Peering Into Midnight Blizzard’s DNS Footprint]]></title> <link>https://circleid.com/posts/1peering-into-midnight-blizzards-dns-footprint</link> <guid isPermaLink="true">https://circleid.com/posts/1peering-into-midnight-blizzards-dns-footprint</guid> <description><![CDATA[Thousands of people working for organizations in the public, academia, and defense sectors are being targeted by spear-phishing attacks operated by a threat group called "Midnight Blizzard." 
The messages contained a Remote Desktop Protocol (RDP) configuration file connected to the malicious actor's server.]]></description> <dc:date>2025-01-28T11:19:00-08:00</dc:date> </item> <item> <title><![CDATA[Global Domain Activity Trends Seen in Q4 2024]]></title> <link>https://circleid.com/posts/global-domain-activity-trends-seen-in-q4-2024</link> <guid isPermaLink="true">https://circleid.com/posts/global-domain-activity-trends-seen-in-q4-2024</guid> <description><![CDATA[Our research team analyzed 24.4+ million domains registered between 1 October and 31 December 2024 from the Newly Registered Domains (NRD) Data Feed.]]></description> <dc:date>2025-01-23T15:23:00-08:00</dc:date> </item> <item> <title><![CDATA[Tracking Down APT Group WIRTE’s DNS Movements]]></title> <link>https://circleid.com/posts/tracking-down-apt-group-wirtes-dns-movements</link> <guid isPermaLink="true">https://circleid.com/posts/tracking-down-apt-group-wirtes-dns-movements</guid> <description><![CDATA[The WIRTE advanced persistent threat (APT) group has been active since at least August 2018. It has targeted government, diplomatic, financial, military, legal, and technology organizations in the Middle East and Europe.]]></description> <dc:date>2025-01-21T16:00:00-08:00</dc:date> </item> <item> <title><![CDATA[WhoisXML API Launches First Watch Malicious Domains Data Feed with 97% Predictive Precision]]></title> <link>https://circleid.com/posts/whoisxml-api-launches-first-watch-malicious-domains-data-feed-with-97-predictive-precision</link> <guid isPermaLink="true">https://circleid.com/posts/whoisxml-api-launches-first-watch-malicious-domains-data-feed-with-97-predictive-precision</guid> <description><![CDATA[Los Angeles, California, U.S., Jan 16, 2025 -- WhoisXML API is thrilled to announce the launch of First Watch Malicious Domains Data Feed. 
This innovative release delivers daily predictive threat intelligence, detecting malicious intent in domain registrations ahead of weaponization.]]></description> <dc:date>2025-01-16T16:41:00-08:00</dc:date> </item> </channel> </rss>