Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: .NL Registrar Compromisse SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
.NL Registrar Compromisse

Based on a note on the website of SIDN [1], as SQL injection vulnerability was used to compromisse the site and place malicious files in the document root. SIDN is the registrar for the .NL country level domain (Netherlands). As a result of the breach, updates to the zone file are suspended. There is no word as to any affects to the zone files, or if the attackers where able to manipulate them.

 

[1] https://www.sidn.nl/en/news/news/article/preventieve-maatregelen-genomen-2/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3693 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!