[Servercert-wg] Ongoing DNS compromises

Eric Mill eric at konklone.com
Tue Jan 22 18:54:36 MST 2019

The US Department of Homeland Security released an "emergency directive" to
civilian agencies today to address these threats:

The main requirement is MFA on accounts with write access to DNS, but
another interesting part is the investment by DHS in monitoring Certificate
Transparency logs on behalf of the US government, and directing agencies to
make use of this information to monitor for unauthorized issuance.

-- Eric

On Tue, Jan 22, 2019 at 8:48 PM Geoff Keating via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Hi All!
> I thought I’d draw your attention to
> https://www.us-cert.gov/ncas/current-activity/2019/01/22/CISA-Emergency-Directive-DNS-Infrastructure-Tampering
> https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
> https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
> This is not a new kind of attack but it seems to being used in a more
> sophisticated way than previously.  It highlights the difference between
> ‘ability to change DNS’ and ‘control of the
> domain’._______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg

Eric Mill
617-314-0966 | konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190122/55b2c8a8/attachment.html>

More information about the Servercert-wg mailing list