Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label third party. Show all posts

Understanding the Domain Name System (DNS): How It Works and Why It Matters


The Domain Name System (DNS) serves as a critical element of the internet’s infrastructure, acting like a phone book that translates human-friendly domain names into the numerical IP addresses that computers use to communicate. Without DNS, accessing websites would be far more complicated, requiring users to remember lengthy strings of numbers instead of simple names like “google.com.” When you enter a website URL into your browser, the DNS process begins. This request, known as a “DNS query,” first goes to a DNS resolver—typically provided by your Internet Service Provider (ISP) or a third-party DNS service like Google Public DNS or Cloudflare. 

The resolver acts as an intermediary, starting the process to find the corresponding IP address of the domain name you’ve entered. The DNS resolver contacts one of the 13 root servers that make up the top level of the DNS hierarchy. These servers don’t hold the IP address themselves but provide information about which “Top-Level Domain” (TLD) server to query next. The TLD server is specific to the domain extension you’ve entered (e.g., “.com,” “.net,” “.org”) and points the resolver to the authoritative name server responsible for the particular website. The authoritative name server then provides the IP address back to the resolver, which, in turn, sends it to your browser. 

The browser then connects to the web server using this IP address, loading the website you want to visit. This process, though complex, happens in milliseconds. Security is a vital aspect of DNS because it is a frequent target for cyberattacks. One common threat is DNS spoofing, where attackers redirect traffic to fraudulent websites to steal data or spread malware. DNS hijacking is another risk, where hackers manipulate DNS records to divert users to malicious sites. These threats emphasize the importance of DNS security protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypt DNS requests to prevent interception by malicious entities, thus protecting users’ data and privacy. 

Switching to a third-party DNS service can enhance your internet experience in terms of speed, reliability, and security. Services like Google Public DNS, OpenDNS, or Cloudflare’s 1.1.1.1 offer faster query response times, better privacy protection, and can help circumvent geographical restrictions imposed by ISPs. These alternatives often provide built-in security features, such as blocking malicious sites, to offer an extra layer of protection. 

DNS is the backbone of internet browsing, seamlessly converting domain names into IP addresses. By understanding its role and the importance of security measures, users can better appreciate how DNS keeps the internet functional and secure. Whether ensuring that websites load correctly or protecting against cyber threats, DNS plays an indispensable role in our everyday online activities.

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.

Data Breach at Third-Party Provider Exposed Medical Information of US Healthcare Patients

 

A data breach at a third-party provider has potentially leaked patients' confidential medical information from Northwestern Memorial HealthCare (NMHC) providers.

Unknown attackers obtained unauthorized access to a database managed by Elekta, a cloud-based platform that manages legally mandated cancer reporting to the States of Illinois. 

The healthcare provider, located in Chicago, reported the attackers copied the datasets, which included patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers, according to a security alert. 

The database also constituted of clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. 

Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital, and Northwestern Medicine Valley West Hospital. 

According to the NMHC, no financial information was accessed. Patients who are suspected of being impacted will be notified via post. The NMHC will also provide free credit monitoring to people whose Social Security numbers have been compromised. 

NMHC also stated it was “re-evaluating its relationship with Elekta”. 

“Patients are encouraged to review their health insurer or healthcare provider statements and to contact them immediately if they see any services they did not receive. We regret that this incident occurred and are committed to protecting the security and privacy of patient information.” the statement reads. 

According to the company, the attackers did not get access to NMHC's systems, networks, or health records. The incident served as a harsh warning of the dangers of relying on third-party software or services.

A well-known example of what might happen as a result of a cyber-attack on a service provider is the Blackbaud event. The ransomware assault, which revealed the personal information of financial donors, impacted hundreds of nonprofit organizations and fundraising campaigns.

Crypto Lending Service, Celsius Suffers Third Party Data Breach

 

Cryptocurrency rewards portal, Celsius has witnessed a data breach, with the personal details of its clients disclosed by a third-party services provider that resulted in a phishing attack, as confirmed in the email sent out to the Celsius clients. 

Celsius CEO Alex Mashinsky indicated that perhaps the third-party commercialization server of Celsius has been hacked and threat actors acquired access to a partial Celsius client list. The hackers used this knowledge to send Celsius clients malicious e-mails and text messages to reveal their secret keys. 

"An unauthorized party managed to gain access to a backup third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers," sources noted.

The breach was intended to make clients believe that the malicious email originated from Celsius, also that the malicious website was a Celsius Website, and that they had their own (non-Celsius) wallet possession of the recipients' assets by encouraging the client to provide their private wallet address. The actors behind the attack caught up with Celsius Networks in phishing texts and emails promoting a new Celsius Web Wallet after accessing the customer list. To encourage people to visit the website, the Celsius text says, when they build a wallet and enter a certain promotion code, they will offer $500 for the CEL cryptocurrency. After clicking on the mentioned link, clients were asked to build a Celsius Web Wallet by the celsiuswallet[.]network website, which is now closed. Furthermore, Celsius users complained that phishing messages are received on phone numbers they have never sent to Celsius. 


The issue came to light on 14th April 2021 when clients from Celsius started reporting about a fake website claiming to be the Celsius official portal. The company has also notified some Celsius customers receiving SMS and emails claiming to be Celsius officials, referring to this website and encouraging recipients to enter confidential details according to their source. Meanwhile, the team also examined how hackers accessed Celsius customer telephone numbers because of the breach in an email management system. 

Nevertheless, some of the Celsius employees had the encouraging concept in response to recent incidents of setting up a compensation fund to help people who might have lost cryptocurrency assets.