mardi 19 mars 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

jeudi 10 janvier 2019

DNS Infrastructure Hijacking Campaign

Original release date: January 10, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolves. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.

NCCIC encourages administrators to review FireEye’s blog on global DNS infrastructure hijacking for more information. Additionally, NCCIC recommends the following best practices to help safeguard networks against this threat:

  • Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.
  • Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the correct Internet Protocol addresses or hostnames.
  • Search for encryption certificates related to domains and revoke any malicious certificates.

This product is provided subject to this Notification and this Privacy & Use policy.


Lien vers l'article source

Auteur: US Cert

Catégories: CertUSNombre de vues: 185

x

Événements SSI

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, «salon des réseaux, du cloud, de la mobilité et de la sécurité informatique», se tient à Cannes, Palais des Festivals et des Congrès du 19 au 21 mars 2019. Organisé par Weyou Group.

RSS