Security News

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

Google has released version 83 of it's popular Chrome web browser, which includes new security and privacy features and fixes for security issues. The enhanced Safe Browsing mode will allow users to get a more personalized protection against malicious sites.

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services.

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service attacks to takedown targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice, potentially causing a botnet-scale disruption to online services.

Several major providers of DNS services and software have been working to address a serious DNS vulnerability that could allow malicious actors to launch significant distributed denial-of-service attacks. The flaw exists in the DNS protocol and it affects all recursive DNS resolvers.

Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. We've explained encrypted DNS before, but briefly, it encrypts DNS queries between your computer and the DNS resolver so those in between can't see which websites or other URLs you're asking for.

Microsoft has announced the first testable version of DNS-Over-HTTPS support, available for its Windows 10 operating system. Support for the DoH protocol, which Microsoft first announced in November, is available in the Windows 10 Insider Preview Build 19628.

These new capabilities enable network teams to better integrate cloud resources in Amazon Web Services with on-premises networks, protect themselves from advanced cyber threats, and reduce the risk of network outages. Because the new universal work from home reality has introduced new risks to enterprise networks, BlueCat also introduced several security improvements to BlueCat Threat Protection, its DNS firewall solution.

The DHS's Cybersecurity & Infrastructure Security Agency published a memorandum on April 21 warning agency CIOs that they're legally bound to use its internal EINSTEIN network security system when resolving DNS queries. The first is DNS over TLS. This uses Transport Layer Security - the successor to SSL - to encrypt the queries directly and verify the server's identity using digital certificates.

A memorandum sent by the United States Cybersecurity and Infrastructure Security Agency to Chief Information Officers at federal agencies reminds them to use EINSTEIN 3 Accelerated's Domain Name System sinkholing capability for DNS resolution. In the United States, DNS resolution services provided by CISA are mandatory in most federal agencies in the executive branch.