Security News
Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.
Microsoft is testing a fix for performance issues in Microsoft Edge's DNS-over-HTTPS feature and has once again enabled a list of suggested DoH servers. DNS-over-HTTPS allows DNS resolution to be performed over an encrypted HTTPS connection rather than through normal plain text DNS lookups.
The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency this week published joint guidance on Protective DNS. Designed to translate domain names into IP addresses, the Domain Name System is a key component of Internet and network communications. Protective DNS was designed as a security service that leverages the DNS protocol and infrastructure for the analysis of DNS queries and mitigation of possible threats.
A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.
The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization. The Register wrote about the domain takeover at the time and, as Foy put it, "The Register had spot-on reporting from the start as did Paul Ducklin at Sophos."
Boffins based in Belgium have found that a DNS-based technique for bypassing defenses against online tracking has become increasingly common and represents a growing threat to both privacy and security. In a research paper to be presented in July at the 21st Privacy Enhancing Technologies Symposium, KU Leuven-affiliated researchers Yana Dimova, Gunes Acar, Wouter Joosen, and Tom Van Goethem, and privacy consultant Lukasz Olejnik, delve into increasing adoption of CNAME-based tracking, which abuses DNS records to erase the distinction between first-party and third-party contexts.
Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits. Onion domains visited by the browser to whatever DNS servers the software was configured to use for non-Tor websites, allowing whoever operates those DNS servers - or anyone who can snoop on the queries in transit - to figure out the kinds of hidden services frequented by an individual user.
Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network.
Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks. Its DNS subsystem "Provides a local DNS server for the network, with forwarding of all query types to upstream recursive DNS servers and caching of common record types."
The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks. If exploited, these flaws could be chained together to allow remote code execution, denial of service and other attacks.