This Week in Security: NSO Group and DNS Disasters

(Un)Ethical Hacking

The NSO Group is in the news again, and you’ll never guess why! Well, maybe you can. Yet again one of the NSO Group’s surveillance products – which it claims are only sold to governments for law enforcement purposes and

(Un)Ethical Hacking

The NSO Group is in the news again, and you’ll never guess why! Well, maybe you can. Yet again one of the NSO Group’s surveillance products – which it claims are only sold to governments for law enforcement purposes and are aimed at terrorists and criminals – was used against law-abiding citizens.

This time international investigators of GIEI were targeted, joining the ranks of the lawyers, politicians, journalists, anti-corruption activists, scientists, public health campaigners, government officials, and their family members, as victims of this targeted spying.

With all this attention, NSO Group has been trying out different branding and names to escape the bad PR, most recently using the Q Cyber Technologies trademark. Understandably, a history of enabling human rights abuses isn’t a good look. The NSO Group claims: “NSO’s mission is to make the world safer, by providing authorized governments with technology.”

But apparently, once the deal is done, they have no control over how their spyware is actually used by these authorized governments.

Hijacking The .io TLD

Matthew Bryant recently evaluated the security of DNS infrastructure, taking note of a particular feature: a Top-Level Domain (TLD) that can have authoritative nameservers at arbitrary domain names. This opens the TLD up to attack by registering the name for an authoritative nameserver for a TLD out from under the legitimate owners, like nabbing the domain name of a site that didn’t renew in time.

But with a TLD, the attack could be massive, effecting every server under the .io TLD, instead of simply a few. (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog