Security News

Week in review: Costliest cybersecurity failures, DNS hijacking protection, AWS security automation
2020-09-06 07:55

Which cybersecurity failures cost companies the most and which defenses have the highest ROI?Massachusetts Institute of Technology scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation. Essential features of security automation for the AWS platformA common security problem in AWS is an open S3 storage bucket where data is publicly readable on the Internet.

Safe domain: How to protect your enterprise from DNS hijacking
2020-09-01 04:00

In June 2020, the Japanese cryptocurrency exchange Coincheck reported that hackers gained access to its domain registrar provider and hijacked its coincheck.com domain name. The two incidents illustrate the growing threat of Domain Name System hijacking.

CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug
2020-07-17 15:43

The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "High potential for compromise of agency information systems." "CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.

The effectiveness of using DNS as a foundational element in future network security best practices
2020-07-17 04:00

As cyberattacks escalate, Infoblox and Forrester Consulting investigated how security and risk teams are using their DNS investments. 94% of S&R leaders either use or consider DNS as a starting point for threat investigations but only 43% of security and risk leaders rely on DNS as a data source to complete their investigations.

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
2020-07-15 01:02

A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
2020-07-15 01:02

A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
2020-07-15 00:40

Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.

Company web names hijacked via outdated cloud DNS records
2020-07-07 14:09

Most cloud services keep their DNS cache times, known in the jargon as TTLs or time-to-live entries, pretty small these days in order to help their services adapt more quickly to changes in network load. Hacking your DNS entries is not quite as good a result for the crooks as taking over your actual web server - they won't have your web certificate to authenticate HTTPS traffic, and they'd need to clone a huge amount of your site to make a realistic facsimile - but it's still extremely dangerous, and potentially very damaging for your brand. In the cases tracked by Edwards, it seems that a bunch of crooks have been keeping their eyes on unused Azure server names that still have trusted DNS records referring to them, and reviving those defunct server names to produce believable URLs for scams and malware campaigns.

Fake “DNS Update” emails targeting site owners and admins
2020-06-30 12:43

The link took them to a "Surprisingly believable" phishing page with logos and icons that matched their service provider, and instructed them to enter their WordPress account username and password to start the update. "The scam then shows you some fake but believable progress messages to make you think that a genuine 'site upgrade' has kicked off, including pretending to perform some sort of digital 'file signing' at the end," Sophos's security proselytiser Paul Ducklin explained.

Beware “secure DNS” scam targeting website owners and bloggers
2020-06-29 18:15

We care about your privacy and the protection of your domains, so we will soon be upgrading them, from basic Domain Name System to Domain Name System Security Extensions. As you probably know, DNS is short for domain name system, and it's the globally distributed database that turns server names that humans can remember, such as nakedsecurity.