Security News

CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug
2020-07-17 15:43

The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "high potential for compromise of agency information systems." "CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.

The effectiveness of using DNS as a foundational element in future network security best practices
2020-07-17 04:00

As cyberattacks escalate, Infoblox and Forrester Consulting investigated how security and risk teams are using their DNS investments. 94% of S&R leaders either use or consider DNS as a starting point for threat investigations, but only 43% of security and risk leaders rely on DNS as a data source to complete their investigations.

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
2020-07-15 01:02

A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
2020-07-15 00:40

Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.

Company web names hijacked via outdated cloud DNS records
2020-07-07 14:09

Most cloud services keep their DNS cache times, known in the jargon as TTLs or time-to-live entries, pretty small these days in order to help their services adapt more quickly to changes in network load. Hacking your DNS entries is not quite as good a result for the crooks as taking over your actual web server - they won't have your web certificate to authenticate HTTPS traffic, and they'd need to clone a huge amount of your site to make a realistic facsimile - but it's still extremely dangerous, and potentially very damaging for your brand. In the cases tracked by Edwards, it seems that a bunch of crooks have been keeping their eyes on unused Azure server names that still have trusted DNS records referring to them, and reviving those defunct server names to produce believable URLs for scams and malware campaigns.

Fake “DNS Update” emails targeting site owners and admins
2020-06-30 12:43

The link took them to a "surprisingly believable" phishing page with logos and icons that matched their service provider, and instructed them to enter their WordPress account username and password to start the update. "The scam then shows you some fake but believable progress messages to make you think that a genuine 'site upgrade' has kicked off, including pretending to perform some sort of digital 'file signing' at the end," Sophos's security proselytiser Paul Ducklin explained.

Beware “secure DNS” scam targeting website owners and bloggers
2020-06-29 18:15

We care about your privacy and the protection of your domains, so we will soon be upgrading them, from basic Domain Name System to Domain Name System Security Extensions. As you probably know, DNS is short for domain name system, and it's the globally distributed database that turns server names that humans can remember, such as nakedsecurity.

Macs, iPhones, iPads to get encrypted DNS – how'd you like them Apples?
2020-06-27 00:55

Encrypted DNS, as its name suggests, encrypts those queries to shield them from snoops and meddlers. A year later, a research paper presented at a Usenix conference underscored the need for better security when it reported that about 8.5 per cent of DNS queries were intercepted by service providers.

Talk about the fox guarding the hen house. Comcast to handle DNS-over-HTTPS for Firefox-using subscribers
2020-06-26 01:07

Comcast has agreed to be the first home broadband internet provider to handle secure DNS-over-HTTPS queries for Firefox browser users in the US, Mozilla has announced. This means the ISP, which has joined Moz's Trusted Recursive Resolver Program, will perform domain-name-to-IP-address lookups for subscribers using Firefox via encrypted HTTPS channels.