All news with #dga tag

Mon, November 17, 2025

Route 53 Adds Protection Against Dictionary DGA Attacks

🛡️ Amazon Web Services has added Dictionary-based DGA detection to Route 53 Resolver DNS Firewall Advanced, enabling real-time monitoring and blocking of domain queries that use word-based DGA techniques designed to mimic legitimate names. Administrators can create DNS Firewall Advanced rules targeting Dictionary DGA and add them to rule groups to enforce protections on VPCs directly or through AWS Firewall Manager, RAM, CloudFormation, or Route 53 Profiles. The capability is available in all AWS Regions, including AWS GovCloud (US). See the Route 53 documentation for setup and pricing details.

Wed, October 8, 2025

Threat actors repurpose open-source monitor as beacon

⚠️ Attackers linked to China turned a benign open-source network monitoring agent into a remote access beacon using log poisoning and a tiny web shell. Huntress says they installed the legitimate Nezha RMM via a poisoned phpMyAdmin log and then deployed Ghost RAT for deeper persistence. The intrusion affected more than 100 hosts across Taiwan, Japan, South Korea, and Hong Kong and was contained in August 2025.
