Security News

Protecting IoT devices requires a DNS-based solution
2021-09-23 05:30

To prevent devices being used as attack vectors, the first step to IoT protection, when connected onto the network, must start with DNS: using Domain Name System infrastructures and DNS security capabilities to protect data and ensure IoT devices are only allowed access to relevant services. Whilst IoT devices will always have security vulnerabilities, by incorporating a secure approach which makes use of DNS technology, businesses and service providers can be confident they are best protecting their data and access to their IT infrastructure.

Black Hat: Novel DNS Hack Spills Confidential Corp Data
2021-08-12 20:30

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google. Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations and millions of devices," Wiz wrote in a technical breakdown of the bug. Luttwak calls what he found a "Loophole" within the process used to handle the now obsolete dynamic DNS within modern DNS server configurations.

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
2021-08-11 04:57

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
2021-08-11 04:57

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said. The exploitation process hinges on registering a domain on Amazon's Route53 DNS service with the same name as the DNS name server - which provides the translation of domain names and hostnames into their corresponding Internet Protocol addresses - resulting in a scenario that effectively breaks the isolation between tenants, thus allowing valuable information to be accessed.

All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability
2021-08-06 19:34

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

New DNS Attack Enables 'Nation-State Level Spying' via Domain Registration
2021-08-06 15:08

A new domain name system attack method that involves registering a domain with a specific name can be leveraged for what researchers described as "Nation-state level spying." The attack method was identified by researchers at cloud infrastructure security company Wiz while conducting an analysis of Amazon Route 53, a cloud DNS web service offered to AWS users.

New DNS vulnerability allows 'nation-state level spying' on companies
2021-08-05 19:31

Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service providers that could allow attackers to access sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," the Wiz researchers said.

Enable secure DNS on your Chromebook: Here's how
2021-08-02 17:00

For a more secure experience, use DNS-over-HTTPS on your Chromebook. Jack Wallen shows you how.

Akamai DNS global outage takes down major websites, online services
2021-07-22 16:39

Akamai is investigating an ongoing outage affecting many major websites and online services, including Steam, the PlayStation Network, Newegg, AWS, Amazon, Google, and Salesforce. While the company has already acknowledged the issue, pinning it on an Edge DNS service problem, Akamai is still trying to find the underlying cause behind the incident.

Healthcare suffering from DNS attacks more than other industries
2021-07-15 03:30

The healthcare industry experienced devastating effects from DNS attacks during the COVID-19 pandemic, more so than other industries, a report from EfficientIP and IDC shows. The report shows that healthcare is more vulnerable than other industries to a variety of consequences from attacks: healthcare is the most likely industry to suffer application downtime, with 53% of healthcare companies in the survey reporting that.