Google’s Project Naptime Aims for AI-Based Vulnerability Research

Security analysts at Google are developing a framework that they hope will eventually enable large language models (LLMs) to run automated vulnerability research, particularly analyses of malware variants. The analysts with Google’s Project Zero – a group founded a decade ago whose job it is to find zero-day vulnerabilities – have been..

The post Google’s Project Naptime Aims for AI-Based Vulnerability Research appeared first on Security Boulevard.

Rafel RAT Used in 120 Campaigns Targeting Android Device Users

Multiple bad actors are using the Rafel RAT malware in about 120 campaigns aimed at compromising Android devices and launching a broad array of attacks that range from stealing data and deleting files to espionage and ransomware. Rafel RAT is an open-source remote administration tool that is spread through phishing campaigns aimed at convincing targets..

The post Rafel RAT Used in 120 Campaigns Targeting Android Device Users appeared first on Security Boulevard.

DNS and Your Privacy: Should you use encrypted DNS?

DNS enables the easy navigation from website to website as you currently know it. However, the system wasn’t exactly designed with your privacy and security in mind.

Many DNS resolvers - such as your internet service provider's (ISP) - do not encrypt queries and may log data and metadata surrounding your queries. Additionally, unencrypted queries can be captured, viewed, and otherwise "consumed" (used) by eavesdropping third parties since data is exchanged in clear text.

Fortunately, using an encrypted DNS server provider can be a viable option for some users out there. This post aims to explore how and why - and doesn't leave out the limitations of encrypted DNS.

DNS and your privacy

Assuming you know the basics of DNS and how the system works, privacy issues surrounding DNS frequently involve the potential capture and “snooping” of DNS queries made by a device and the sending of unnecessary information (typical in the absence of QNAME minimization) to DNS servers performing the resolution.

DNS servers can log data about the device making the query, the times queries were requested, and of course the query itself (e.g., avoidthehack.com). Naturally, the amount of logging or even the presence of logging depends on the DNS service itself; for example, ISPs often log DNS queries and share them with a variety of third parties. Users often get no "say" or may not even be aware of this.

With unencrypted queries - which is often the default for most resolvers - third parties to the transaction between the device and the DNS resolver can “eavesdrop” on queries made by devices. Eavesdropping has been performed by public and private organizations alike to surveil DNS traffic (and potentially hijack it).

With the presence of HTTPS, third-party snooping devices won’t be able to see what data is passed between the client device and the web server - but with unencrypted DNS queries, they would be able to see that a query was made. Captured over time, browsing habits can be inferred from the DNS requests observed.

What data is sent to DNS Servers?

Internet connections to visited websites and web apps start out as a DNS request. Assuming the absence of the requested website in a DNS cache - which can be in the browser and/or on the device itself - a query is sent to the DNS resolver.

The DNS resolver can be a machine local to the network or a service managed by a DNS service provider. The latter is generally more common (especially for most users out there); though, it is worth mentioning that local resolvers often pass queries to "upstream" DNS servers.

Again, generally, many users use the ISP’s DNS resolvers as it is the "default" and most do not know these can be changed in the browser or on the device/network (hardware/firmware permitting). Of those who know how to change DNS settings, we can safely assume most of these users, who are already a minority amongst most users, aren't running a local recursive resolver.

The exact data sent to DNS resolvers varies, but it typically includes:

  • Top-level domain (TLD) requested. This includes links clicked/domains typed into the browser address bar and background connections initiated by apps/services and resources called by websites.
  • If HTTP is used: Visited pages within the TLD. The commonality of HTTPS makes this irrelevant in the modern landscape, though some websites still serve content using a mix of HTTP/HTTPS.
  • Timestamp of when the request was made
  • IP address of client device
  • Protocol (UDP or TCP)
  • Record type (A, AAAA, etc)

Data sent with the queries themselves can also be logged by DNS resolvers, but as mentioned previously, the details of logged data and the action of logging itself ultimately depend on the DNS service provider.

Depending on the service provider, additional information about network subnets and device identifiers (such as MAC addresses) may be embedded within DNS queries, essentially fingerprinting users or their networks.

Who can see DNS information?

Ultimately, it depends.

As mentioned, DNS queries are typically unencrypted and thus clear text and readily available for anyone willing to listen.

Even with encrypted DNS, generally your device, the router, and the DNS provider can see DNS requests. If you are using your ISP’s DNS servers - which are usually the default - then they can also see your DNS requests.

Your ISP may log this information and potentially use it for their own endeavors and/or share this data with third parties - which can include advertisers or government agencies.

Unless you are using a virtual private network (VPN) or an onion routing service like the Tor network, your ISP can still see connections to IP addresses.

Benefits of using encrypted (and privacy-friendly) DNS services

Benefits of using encrypted DNS services include preventing third-party DNS query sniffing, keeping DNS traffic private from the ISP, and blocking ads on a network.

Eliminate third-party sniffing of DNS queries

The primary benefit of using any encrypted DNS server is preventing third parties from sniffing traffic and seeing what DNS queries users' devices make. This is true even if the encrypted DNS provider is capturing device information or otherwise logging DNS query data and metadata (though this is far from ideal).

However, it's worth mentioning that if the encrypted DNS server is indeed logging information, they may share this information with third parties - this is a different threat vector than a third party listening or capturing the queries themselves. This can be alleviated by using a "trusted" encrypted DNS provider.

Filtered (and encrypted) DNS servers can block ads/malicious domains on the network level

Some encrypted DNS providers also offer domain filtering. Depending on the provider, they may filter domains known to serve malware, ads, trackers - or any combination of these.

For example, if you set your router to use such a resolver, it will provide blocking services for devices connected to your home network.

Some DNS providers give users customization options for what is blocked or filtered. Others run specific blocklists on their servers and do not allow the user to customize what is blocked. In either case, devices/networks using DNS providers with filtering services will not connect...

The post DNS and Your Privacy: Should you use encrypted DNS? appeared first on Security Boulevard.

A New Tactic in the Rapid Evolution of QR Code Scams

QR codes have been around for three decades, but it wasn’t until the COVID-19 pandemic hit in 2020 that they got wide use, with restaurants, health care facilities, and other businesses turning to them to give customers contactless ways to read menus, buy items, or track the health of people in their buildings. Around the same..

The post A New Tactic in the Rapid Evolution of QR Code Scams appeared first on Security Boulevard.

Netcraft Uses Its AI Platform to Trick and Track Online Scammers

At the RSA Conference last month, Netcraft introduced a generative AI-powered platform designed to interact with cybercriminals to gain insights into the operations of the conversational scams they’re running and disrupt their attacks. At the time, Ryan Woodley, CEO of the London-based company that offers a range of services from phishing detection to brand, domain,..

The post Netcraft Uses Its AI Platform to Trick and Track Online Scammers appeared first on Security Boulevard.

Microsoft, Google Come to the Aid of Rural Hospitals

Microsoft and Google will provide free or low-cost cybersecurity tools and services to rural hospitals in the United States at a time when health care facilities are coming under increasing attack by ransomware gangs and other threat groups. For independent rural and critical access hospitals, Microsoft will provide grants and as much as 75% discounts..

The post Microsoft, Google Come to the Aid of Rural Hospitals appeared first on Security Boulevard.

Black Basta Ransomware Attack: Microsoft Quick Assist Flaw – Source: securityboulevard.com

Source: securityboulevard.com – Author: Wajahat Raja

Recent reports claim that the Microsoft Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware attack. On May 15, 2024, Microsoft released details […]

The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.