Wednesday , June 25 2025
CISA

CISA Published Encrypted DNS Implementation Guidance

infosecbulletin Saturday , May 18 2024 International

CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet OMB Memorandum M-22-09 requirements.

Traditionally, the DNS protocol didn’t have ways to make sure requests and responses were confidential, secure, or authentic. However, the M-22-09 guideline requires agencies to encrypt DNS traffic and use CISA’s Protective DNS capability for egress DNS resolution. This guide will help agencies implement technical capabilities for their networks, DNS infrastructure, on-premises endpoints, cloud deployments, and mobile devices.

SonicWall warns of a trojanized NetExtender stealing VPN logins

By F2 / Wednesday , June 25 2025
SonicWall warned on Monday that unknown attackers have trojanized its SSL-VPN NetExtender application, tricking users into downloading it from fake...
Read More
SonicWall warns of a trojanized NetExtender stealing VPN logins

CVE-2025-36537
TeamViewer patched vuln allowing hacker SYSTEM Rights

By F2 / Wednesday , June 25 2025
A significant security vulnerability has been revealed in TeamViewer Remote Management for Windows, posing a risk of privilege escalation attacks....
Read More
CVE-2025-36537 TeamViewer patched vuln allowing hacker SYSTEM Rights

Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers

By infosecbulletin / Wednesday , June 25 2025
Unidentified hackers are targeting exposed Microsoft Exchange servers to inject harmful code into login pages and steal credentials. Positive Technologies...
Read More
Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers

WhatsApp banned on all US House of Representatives devices

By F2 / Tuesday , June 24 2025
The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

By F2 / Tuesday , June 24 2025
Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

By F2 / Tuesday , June 24 2025
OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

By F2 / Tuesday , June 24 2025
In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

By infosecbulletin / Monday , June 23 2025
A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

By infosecbulletin / Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

By infosecbulletin / Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

“As the operational lead for federal cybersecurity, CISA developed this guide to assist federal agencies with understanding and implementing key actions and protocols to begin encrypting DNS traffic,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “This guide will help agencies progress further in their zero trust security journey. CISA continues our efforts and collaboration with agencies to modernize federal agency cybersecurity successfully and securely.”

This document provides resources to help agency personnel understand the requirements and engage in the transition work. It includes a high-level implementation checklist, recommendations for phased implementation, and technical guidance. Implementing encrypted DNS will align civilian agencies’ security architecture with zero trust principles.

This guide is for federal agencies, but all organizations are encouraged to use it as a benchmark for applying zero trust efforts.

 

Check Also

Patch Tuesday

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft’s June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin