Friday, May 2, 2025
Home Blog Page 917

Indian Aadhaar Details Exposed in Public by More than 200 Government Websites

Indian Aadhaar Details Exposed in Public by More than 200 Government Websites

Around 200 websites are publically Exposed the AADHAAR Card’s information that contains  More than 1 Billion Indian’s Personal Identity information such as names and addresses of some Aadhaar beneficiaries.

UIDAI is mandated to issue an easily verifiable 12 digit random number as Unique Identity as Aadhaar to all Residents of India.

This program wants each and every citizen to have a unique number which involves issuing an Aadhar number as well as one Aadhar card. This should also be linked to other key services like pension schemes or their bank accounts.

Also Read:  Pentagon’s Data Leak Exposed 1.8 Billion of Social Media Surveillance Data

A Report from RTI, Said it was found that approximately 210 websites of a central government, state government departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.

The UIDAI took note and got the Aadhaar data removed from the said websites, it said in reply to the RTI application.

“UIDAI has a well-designed, multi-layer approach robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity,” the RTI reply said.

“Various policies and procedures have been defined, these are reviewed and updated continually thereby appropriately controlling and monitoring any movement of people, material, and data in and out of UIDAI premises, particularly the data centres,” the UIDAI said.

Android Bug that Allows Attacker to Capture the User’s Screen and Record Audio Impacts 77.5% of Android Devices

Android Bug that Allows Attacker to Capture the User’s Screen and Record Audio Impacts  77.5% of  Android Devices

All Android devices between 5.0 to 7.1.2 are affected with the vulnerability in MediaProjection that allow an attacker to capture the user’s screen and to record system audio.

From Android version 5.0 Google introduced MediaProjection service to give the developers an ability to capture screen and record audio, they no longer need root privileges or to sign their release keys.

A SystemUI pop-up comes up warning users requesting permission that their screen is captured, attacker’s trick this to capture the user’s screen should the user tap of the SystemUI popup it has been overlayed by the attacker with an arbitrary message.

Researchers from MWR lab discovered this vulnerability and the primary cause of the vulnerability due to partially obscured SystemUI pop-ups which Android versions unable to detect.

Also Read All Android Version Except 8.0/Oreo are Vulnerable to Toast Overlay Malware Attack

Patched in Version 8.0 – Android Bug

MWR lab’s advised developers to defend the attack enabling the FLAG_SECURE layout parameter from the application window manager for the complete report.

Vulnerability reported to Google and currently, it has been patched with version 8.0 and the lower versions are still remain vulnerable.At it is still unclear about Google plans for patches in older versions.

Researchers said according to Google Android developers dashboard approximately 77.5% active Android devices are vulnerable to this attack.

Recently we heard about Toast Overlay attack which affects all Android Version Except 8.0. It allows an attacker to draw on top of other windows and apps running on the affected device. With this recently found overlay assault does not require a particular permissions or conditions to be compelling.

And the potential attack Cloak & Dagger allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity.

Complete CompTIA IT Certification 3 in 1 Bundle with A+, Network+, Security+

Complete CompTIA IT Certification 3 in 1 Bundle with A+, Network+, Security+

CompTIA Certification offers some of the most recognized entry-level certifications for IT professionals, including its A+, Network+ and Security+ certifications.

CompTIA is a global provider of vendor-neutral IT certifications, such as the popular A+, Network+, Security+ certifications. Most, if not all, CompTIA certifications are Tech you the best IT skills in terms of Networking and Security based stong skillset and those new to the IT field.

Also Read:  Become Master in Cyber Security with Complete Advance Level Security Course Bundle

Complete this collection of three CompTIA Certification courses to prep for the CompTIA A+ certification exam–a crucial step towards starting an IT career. Master subject matter in areas like networking, preventative maintenance, and more. By the time you’re done, you’ll be able to troubleshoot networking and security issues like a pro, dramatically boosting your career prospects and earning potential.

CompTIA Certification Course Outline

  • Course 1: CompTIA A+ 220-902
  • Course 1, CompTIA A+ 220-901
  • Course 2: CompTIA N10-006: CompTIA Network+
  • Course 3: CompTIA SY0-401 or JK0-018: Security+

This package is also one of the most cost-effective routes to IT cyber security excellence.

Today we are Introduced to you one of the best advance level cyber security course bundle which includes  CompTIA A+, CompTIA Network+, CompTIA Network+ for just $49 only.

This 3 level course Cost is around $1077. but Our special 95% Discount offer Brought you just  $49 for Whole 3 Advance Cybersecurity Certification Course

Get This 3 Complete CompTIA  Course Bundle for just $49

CompTIA A+ 

CompTIA A+ certification is an internationally recognized, vendor-neutral certification that many employers consider a prerequisite for entry-level IT employment. A+ certification signifies that the individual is capable of performing tasks such as installation, configuration, and troubleshooting of common PC systems.

You can Download CompTIA A+Syllabus Here

  • Identify the hardware components of personal computers and mobile digital devices.
  • Identify networking and security fundamentals.
  • Install, configure, and troubleshoot display devices.
  • Install and configure peripheral components.
  • Manage system components.
  • Manage data storage.
  • Identify the hardware and software requirements for client environment configurations.
  • Identify network technologies.
  • Install and configure networking capabilities.
  • Support mobile digital devices.
  • Support printers and multifunction devices.

Get This 3 Complete CompTIA  Course Bundle for just $49

CompTIA Network+

CompTIA Network+ is a vendor-neutral networking certification that is trusted around the world. It validates the essential knowledge and skills needed to confidently design, configure, manage and troubleshoot any wired and wireless networks. CompTIA Network+ certified individuals are in-demand worldwide.

According to the U.S. Bureau of Labor Statistics, 12% job growth is expected in network and computer systems over the next seven years. Additionally, CompTIA Network+ professionals are known to excel in their job: Global Knowledge’s IT Skills and Salary Report estimates the average salary of a Network+ certified IT professional at about $74,000.

You can Download CompTIA Network+ Syllabus Here

  • Networking theory, concepts, and networking methods
  • Networking data delivery
  • Networking media, cabling and hardware
  • Networking protocols and the OSI model
  • Networking Operating Systems
  • TCP/IP fundamentals
  • Networking security, including preventing and responding to incidents

Get This 3 Complete CompTIA  Course Bundle for just $49

CompTIA Security +

CompTIA Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management – making it an important stepping stone to an IT security career.

You can Download CompTIA Securiy+ Syllabus Here

Upon successful completion of this course, students will learn to:

  • Identify the fundamental concepts of computer security
  • Identify security threats and vulnerabilities
  • Manage data, application, and host security
  • Implement network security
  • Identify and implement access control and account management security measures
  • Manage certificates
  • Identify and implement compliance and operational security measures
  • Manage risk
  • Troubleshoot and manage security incidents
  • Plan for business continuity and disaster recovery

Get This 3 Complete CompTIA  Course Bundle for just $49

New Terdot Malware operate as a MITM Proxy & Take over FB and Twitter by Steal Browsing Information

New Terdot Malware operate as a MITM Proxy & Take over FB and Twitter by Steal Browsing Information

Highly sophisticated and customised Terdot Malware Discovered that has been developed by inspiration of wide spreaded Dangerous Zeus Banking Malware.

Terdot considering as very stealthy Malware that has an ability to steal the Browsing information such as login credentials and stored credit card information, as well as inject HTML code in visited Web pages and also it operates a MiTM Proxy.

unlike other Banking Trojan, it also having the eavesdropping capability and using this technique, it can able to modifying the traffic on most social media and email platforms also it can download and execute any files when requested by its operator using automatic updating capability.

The banking malware mostly targeted Canada the United States, the United Kingdom, Germany, and Australia countries and attacking the organization such as PCFinancial, Desjardins, BMO, Royal Bank, the Toronto Dominion Bank, Banque Nationale, Scotiabank, CIBC and Tangerine Bank.

Terdot targeted social networks inclide Facebook, Twitter, Google Plus and YouTube. Interestingly, the malware is specifically instructed not to gather any data from vk.com, Russia’s largest social media platform.

Also Read: Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and it’s Prevention Techniques

How Does this Terdot Malware Spreading

InitiallyTerdot Banking malware spreading via Email that contains a button with the PDF icon on it.

PDF icon contains an obfuscated javascript embedded with it.once victim clicks the icon then it will get executed and later it will download and run the malware.

Another primary infection vector Sundown Exploit Kit also apparently delivering the Terdot family.

Terdot Delivering the payload with complex chain dropper to protect it to evade the detection until complete Terdot files and third-party utilities are downloaded on the disk that is completely encrypted.

Infection Chain

According to Bitdefender, To read browser traffic, Terdot injects itself into browser processes, where it hooks very low-level network socket operations to direct all connections to its own local proxy server. This server inspects the traffic, forwards the request to the intended target, receives the response, then it sends it back to the victim’s browser, possibly altering it in the process.

It uses two ways to Steal the data.one is by inspecting the client request or injecting the javascript spyware code, the second one is collecting logs from relevant data in HTTP requests and uploads them periodically to the C&C servers.

Terdot is a complex malware, building upon the legacy of ZeuS. Its modular structure, complex injections and careful use of threads make it resilient, while its spyware and remote execution abilities make it extremely intrusive Bitdefender said.

Pentagon’s Data Leak Exposed 1.8 Billion of Social Media Surveillance Data

Pentagon’s Data Leak Exposed 1.8 Billion of Social Media Surveillance Data

Pentagon Data Leak, other three Amazon Web Services S3 cloud storage buckets that contain social media surveillance data configured in the way that users with free AWS account can read and download the contents.

Leaked data consist of billions of public internet posts, news commentary and other writings from individuals from the US and other Countries.

Leaked data in one of the three buckets consist of more than 1.8 billion posts of content that captured around 8 years. It includes data collected from comment sections, web forums, and social media sites like Facebook.
Pentagon Data Leak
Source: UpGuard

Pentagon Data Leak Discovery

UpGuard Director of Cyber Risk Director Chris Vickery discovered these buckets with subdomain “CENTCOM-backup,” “CENTCOM-archive,” and “pacom-archive”, where the CENTCOM refers to the US command center.

Also with further investigation, they identified a settings table in “CENTCOM-backup” in bucket operated by VendorX who building Outpost for CENTCOM and defense department.

We found a folder, titled “scraped,” contains an enormous amount of XML files consisting of internet content “scraped” from the public internet since 2009 to 2015; the other CENTCOM bucket, “archive,” would be found to contain more such data, collected from 2009 to the present day.Upguard says.
Pentagon Data Leak
Source: UpGuard

Another bucket “CENTCOM-archive” contains the same set of XML file formats as like “CENTCOM-backup”. Posts stored in different languages with an emphasis on Arabic.

From the information obtained from CENTCOM bucket, seems it focused on millions of Internet posts and majorly from the Middle East and South Asia.

And the next bucket “pacom-archive” structure resembles same as like “CENTCOM-archive” but it consists of posts from Southeast, East Asian and Australia.

UpGuard says collection methods used to build these data stores remains somewhat murky.Massive in scale, it is difficult to state exactly how or why these particular posts were collected over the course of almost a decade.

Vickery says “A simple permission setting makes difference between these buckets to remain safe or exposed online”. You can read complete investigation report at UpGuard.

Some of Very Recent Data Leaked Online

  1. Famous Cosmetic Company “Tarte” leaked 2 Million Customers Personal Data Online
  2. Fashion Retailer FOREVER 21 Admits Payment Card Security Breach
  3. Accenture Data Leak Exposed 137 Gigabytes of Highly Sensitive Data Online
  4.  Deloitte Hacked by Cyber Criminals and Revealed Client & Employee’s Secret Emails
  5. Leading research and advisory firms Forrester was hacked
  6. Disqus confirms it’s been hacked and more than 17.5 Million Users Details Exposed
  7. Gaming Service R6DB Database deleted By Hackers and held for Ransom
  8. Biggest Hack Ever – Each and Every Single Yahoo Account Was Hacked in 2013
  9. Pizza Hut Hacked – Users Reporting Fraudulent Transactions on their Cards
  10. Hyatt Hotels Data Breach Exposed 41 Hotel Customers Payment Card Information
  11. Verizon Wireless Confidential DataLeaked Accidentally by Its Employee
  12. ABC Company Massive Data Leaked online from Amazon S3 Bucket
  13. Pentagon Data Leak Exposed 1.8 Billion of Social Media Surveillance Data

Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and it’s Prevention Techniques

Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and it’s Prevention Techniques

It is very usual these days to find many applications having a hidden crypto-mining module. But the recent trend is more mainstream and is done via web pages. Yes, now websites have started doing crypto-mining and are done totally in the background, all thanks to Coinhive.

To note, we have already reported about the beginning of this web-based mining last month.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Websites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad-free experience, in-game currency or whatever incentives they are availing to their users/visitors.

A traditional miner would go for GPU resources on a device or a PC, but what makes Coinhive different is that it uses CPUs compute power. And this gives it a great advantage because it works on every computing device that can run a javascript page.

A fake 1337x and 400+ websites have this mining script active:

Ad blocker AdGuard last month reported that 220 sites on the Alexa top 100,000 listserve crypto mining scripts to more than 500 million people.

But we found that number crossed its next 100th marker faster, and now more than 400 sites under Alexa top 100,000 are running this script on their visitor’s machines and devices

At GBHackers, we discovered one such fake site ( www.1337x.io ) of the very popular torrent sharing site 1337x  doing this. The problem is, when you google this site’s name, the first result you get is the fake website’s address. So, we reported this site immediately to Google and the next day, the script was removed from the source code.

Here is how their script looks like,

Coinhive

As per CoinHive ,

If you run a blog that gets 10 visits/day, the payout will be minuscule. But with just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$38).

It’s a good deal for a site owner and we like the idea of CoinHive But also, we feel it’s not ready for its prime time yet. We will give you one good reason for that.

It’s not possible to determine the computing potential of every visitor’s machine and set the mining throttle number to some value. If you set it to something high, the visitor’s PC performance will cripple and he will never visit the site again. And if you set it to low, you will not earn much to keep the blog going.

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea,” noted Adam Kujawa, director of Malwarebytes Labs. “The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote: “ The reason we block Coinhive is that there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.

A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl. “

Hearing everyone’s plea and seeing all the fuzz about the abuse, coinhive had come up with a great way of dealing this issue. It’s called . As per Coinhive,  it is similar to the previous cryptocurrency miner but with one crucial and very important addition – a user consent page.

“AuthedMine enforces an explicit opt-in from the end user to run the miner. We have gone to great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

So, what if you don’t like websites mining crypto-currency using your computer’s power?

If you are a geek, you would already probably know the trick. Hint: Use script blockers like uBlock Origin

But if you are a normal user, install AdGuard’s extension on your browser and you will be good to go. Here is a screenshot of how AdGuard reacts to a website running a crypto-mining script in the backend.

Coinhive

Using Coinhive’s crypto-mining script is definitely a great deal for the blog owners. But unfortunately, it’s a bad news for the visitors as their CPUs power is being continuously eaten which takes a huge toll on their electricity bills.

So, we suggest our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or a blog and want to support them, you may allow them to mine crypto-currency using your computer’s energy.

 

Kaspersky Lab Investigation Says the NSA Contractor Computer Already Infected with Huge Number Malwares

Kaspersky Lab Investigation Says the NSA Contractor Computer Already Infected with Huge Number Malwares

Kaspersky hits back saying that the user’s computer has been infected by a backdoor Mokes, which allows attackers to gain access to the device.

Last Month the incident was reported by Wall Street Journal says, Russian hackers Stolen information that are highly Sensitive Data such as how the NSA penetrates foreign computer networks.You can read more detail about the incident here.

Kaspersky conducted an internal investigation to answer all the questions and allegation raised. Their assume that data might be taken already and most likely Equation Group. So they check with malware families of equation group.

According to “Kaspersky Lab” study the malware command and control servers has been registered from September to November 2014 on a supposedly Chinese individual Zhou Lou.

In total, they detected 37 unique files and 218 detected objects, including executables and archives containing malware associated with the Equation Group.

The file paths observed from these detections indicated that a developer of Equation had plugged in one or more removable drives, AV signatures fired on some of the executables as well as archives containing them, and any files detected (including archives they were contained within) were automatically pulled back. At this point in time, we felt confident we had found the source of the story fed to Wall Street Journal and others. Says Kaspersky

They also discover a signature created by a malware analyst in 2015 that was looking for the following patterns:

*saidumlo*
*secret*.*
*.xls
*.pdf
*.pgp
*pass*.*

With further analysis they found a malicious actor on October 4, 2014, at 23:38 local time, specifically by a piece of malware hidden inside a malicious MS Office ISO, specifically the “setup.exe” file (md5: a82c0575f214bdc7c8ef5a06116cd2a4).

Looking at the sequence of events and detections on this system, we quickly noticed that the user in question ran the above file with a folder name of “Office-2013-PPVL-x64-en-US-Oct2013.iso”.And they said Executing the malware would not have been possible with the antivirus enabled.

Based on the detections and alerts found in the investigation, the system was most likely compromised during this time frame by unknown threat actors. We assess this from the fact that the user installed a backdoored MS Office 2013 illegal activation tool.

They concluded the possibility exists that there may have been other malware on the system which our engines did not detect at the time of research.

ABC Company Massive Data Leaked online from Amazon S3 Bucket

ABC Company Massive Data Leaked online from Amazon S3 Bucket

The Australian Broadcasting Corporation (ABC) Sensitive data leaked online from AWS S3 repositories that included usernames, email addresses, password hashes, and other user details.

Leaked data belongs to  ABC Commercial that is  Division of  Australian Broadcasting Corporation that provides a service such as retail, content sales, and consumer publishing, provides content marketing, distribution, and a wide range of digital services.

The exposed data included 1,800 daily backups of an ABC Commercial database, as well as requests sent by overseas TV producers to the ABC to license its content.

Also Read: Fashion Retailer FOREVER 21 Admits Payment Card Security Breach

ABC Company already hacked on 2013 and suffered from 50,000 users data leaked online.so this is not a First Time ABC Company suffering the data Breach/Leaked.

According to Kromtech Security Center, The leak occurred just one week after Amazon introduced its new S3 encryption and security features aimed at enhanced security options for users.

This misconfigured AWS S3 bucket was identified during a regular security audit of a misconfigured S3 environment on November 14th.

publicly accessible folders in one of the buckets

These are the following Leaked ABC Company Data from Misconfigured AWS Bucket.

  • Several thousand emails, logins, hashed passwords for ABC Commercial users to access the ABC content (these include users who are well-known members of the media)
  • Requests for licensed content as sent by TV and media producers from all over the world to use ABC’s content and pay royalties.
  • Secret access key and login details for another repository, with advanced video content
    1,800 daily MySQL database backups from 2015 to present

one of the user tables in MySQL database backups

These misconfigured data was publicly available that can be accessed by anyone and also it was indexed by Censys that is a Deep Search engine which is used for gathering information about the hosts and networks that compose the Internet.

Kromtech Security Center has been reported to concern authority of ABC Company All reported buckets were successfully secured within minutes.

Some of Very Recent Data Leaked Online

  1. Famous Cosmetic Company “Tarte” leaked 2 Million Customers Personal Data Online
  2. Fashion Retailer FOREVER 21 Admits Payment Card Security Breach
  3. Accenture Data Leak Exposed 137 Gigabytes of Highly Sensitive Data Online
  4.  Deloitte Hacked by Cyber Criminals and Revealed Client & Employee’s Secret Emails
  5. Leading research and advisory firms Forrester was hacked
  6. Disqus confirms it’s been hacked and more than 17.5 Million Users Details Exposed
  7. Gaming Service R6DB Database deleted By Hackers and held for Ransom
  8. Biggest Hack Ever – Each and Every Single Yahoo Account Was Hacked in 2013
  9. Pizza Hut Hacked – Users Reporting Fraudulent Transactions on their Cards
  10. Hyatt Hotels Data Breach Exposed 41 Hotel Customers Payment Card Information
  11. Verizon Wireless Confidential DataLeaked Accidentally by Its Employee

Dark Website Leaked its hidden server IP Address that Sells Illegal Cannabis Drug

Dark Website Leaked its hidden server IP Address that  Sells Illegal Cannabis Drug

An Illegal Dark website called ElHerbolario that sells Cannabis drug Leaked its secret server IP address online due to poor server configuration made by their server admins.

The Darkweb, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard search engines for any reason.

Also Read: Mysterious Deep Web : Secrets from the Dark Side of the Internet

In this case, Leaked original IP Address leads to track the original site owner and seize the server and later Law enforcement will be playing against the owner.

This Drug selling Dark Website is an intermediate seller so that possible rate of doing illegally selling things like this type of Cannabis drug is obvious one.

This Dark Website is highly rated one Even though this belongs is Darkweb site that makes researcher go into a deep investigation.

How Does the Investigation go on – Dark Website

Initially, Researcher starting the investigation by checking the String of  ElHerbolario which is the name of this illegal website.

Later To find the content management system (CMS) for this site, he was checked by applying the “wp-admin” at the end of the URL which is unique to a WordPress site. but the attempt was failed due to the admin of the site ower disabled the wp-admin login form link.

Later Right click on it and click on “Investigate Element” to open the Network tab and reload it.The status is 200. 200 because Riku was sent to when you reload es means that capital was normal. So, it means that a folder called / wp-content / existed.

According to Researcher, So it was confirmed that owner of this site was using WordPress.The reason why we wrote about this folder is that in the same way, the database leaked out due to mistakes in folder permission setting on another drug seller’s site in the past.

In this case, he felt that E and L Seem unnatural, later he found that it means a herbalist in Spanish.so he confirmed that the person who built this server is a person who is related to Spain.

Later investigation revealed that website Server is NGINX and OS use Debian. But IP Address didn’t find in this area.

Last but not least, we do have a deep search Engines to find some mysterious things that we cant get it on google.

So he used one of the deep web Search engine called  Censys and search by using the characteristic word ElHerbolario.

There is “El Herbolario Personal Shop” on the top of the results in Dark Website list. and its shows the IP Address of the website.

Later by checking the  IP address to confirm the original site of the IP, it has been checked with Tor Brower.

Finally,  DDoS attack was found that it is a mirror server to be used when subjected to. In addition, the server uses Blazing fast.

This is famous as a bulletproof server. As you can see there are other uses of Debian and nginx. It is the same as the original server.

Quad9 – Free DNS Platform to Protect Users From Malware and Phishing Sites

Quad9 – Free DNS Platform to Protect Users From Malware and Phishing Sites

Quad9 a free DNS security solution that uses to protect users against most common cyber threats and their privacy.

It keeps blocking you against known malicious domains and prevents your computer and IoT devices from connecting to malware or phishing sites.

Quad9 created in collaboration with IBM Security, Packet Clearing House and the Global Cyber Alliance (GCA), intend to provide users an added privacy and security protection as they across the internet.

Threat intelligence

It checks the website with IBM X-Force threat intelligence database which consists of 40 Million analyzed web pages and images. Also, it feeds on 18 additional threat intelligence sources.

Also Read: Email Header Analysis – Received Email is Genuine or Spoofed

All of these sources combined into threat mitigation feed gives a vast database to Quad9, which makes it to act rapidly in case of risks emerge.

How Does it work

To use Quad9 DNS service change your computer preferred DNS server to 9.9.9.9, then your request will be routed through Quad9 DNS instead of your ISP default DNS.

It has an inbuilt threat intelligence if it detects malware or other infection in the domains you enter it blocks from accessing it.

Quad9 says IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS.

Performance

Servers distributed worldwide and they are placed primary at Internet exchange points, so it reduces the time and distance better than any other solutions.

At launch severs they placed servers at 70 locations, more than 160 locations scheduled on 2018 and the systems are anycast which automatically routes to the closest operational system.

To Setup on Windows

To Setup on Mac