Tech News
Back to home
Technology

Hackers exploit a blind spot by hiding malware inside DNS records

Source

Ars Technica

Published

TL;DR

AI Generated

Hackers are using a new tactic to hide malware within DNS records, exploiting a blind spot in security defenses. By storing malicious scripts and early-stage malware in DNS records, they can evade detection by antivirus software that typically scans downloads and email attachments. This method allows them to fetch binary files without arousing suspicion, as DNS traffic is often overlooked by security tools compared to web and email traffic. Researchers have observed this technique being used to host the Joke Screenmate malware, which disrupts computer functions. The malware is encoded in hexadecimal format, making it harder to detect.

Read Full Article

Similar Articles

Two UK teens charged in connection to Scattered Spider ransomware attacks

Two UK teens charged in connection to Scattered Spider ransomware attacks

UK teenager Thalha Jubair has been charged by federal prosecutors for his involvement in the Scattered Spider ransomware attacks on 47 US companies, resulting in over $115 million in ransom payments. The group demanded hefty ransoms from victims after breaching their networks and threatened to publish or sell confidential data. Another UK teen, Owen Flowers, was also charged in connection with a cyberattack on Transport for London. The recovery effort for the agency's public transit system lasted months due to the breach.

Ars Technica
Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC

Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC

Japan plans to subsidize NEC's purchase of cable-laying ships to bolster national security. The government is willing to cover up to half of the $300 million cost per vessel. NEC, a major player in undersea cables, currently leases ships but faces security risks due to reliance on charters. The move comes amid rising concerns over undersea cable attacks globally. NEC sees owning ships as a strategic advantage despite the financial commitment.

Tom's Hardware
U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

The United States has placed an $11 million bounty on Volodymyr Tymoshchuk, a Ukrainian man accused of orchestrating ransomware attacks that stole a total of $18 billion over three years. Tymoshchuk allegedly masterminded the MegaCortex, LockerGoga, and Nefilim attacks, targeting American companies, health institutions, and foreign industrial firms. The attacks involved encrypting files and demanding ransom payments. If extradited and found guilty, Tymoshchuk could face life in prison for charges related to computer damage and threatening to disclose private information. The indictment also implicates Tymoshchuk's involvement with other cybercriminals, including his co-defendant Artem Stryzhak.

Tom's Hardware
SAP warns of high-severity vulnerabilities in multiple products

SAP warns of high-severity vulnerabilities in multiple products

SAP has issued a warning about high-severity vulnerabilities in multiple products, including a critical flaw rated 10 out of 10 in its NetWeaver platform. This vulnerability, tracked as CVE-2025-42944, allows unauthenticated attackers to execute commands via malicious payloads on an open port. The maximum-severity threat is related to a deserialization vulnerability, a process that translates and reconstructs data structures. With hackers already exploiting vulnerabilities in SAP's ERP software, users are urged to take immediate action to secure their systems.

Ars Technica

We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.