The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Advisory, apply the recommended mitigations, and refer to CISA’s Alert AA19-024A – DNS Infrastructure Hijacking Campaign for more information. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!