Tag: dns
DNS Flaws Expose Millions of IoT Devices to Hacker Threats
2021-04-14 13:00:00| TechNewsWorld
A set of flaws in a widely used network communication protocol that could affect millions of devices has been revealed by Forescout Research Labs and JSOF Research. The nine vulnerabilities discovered by security researchers dramatically increase the attack surface of at least 100 million Internet of Things devices, exposing them to potential attacks that could take the devices offline or allow threat actors to hijack them.
When planning your security strategy, don't forget your DNS
2021-01-18 20:18:57| The Webmail Blog
nellmarie.colman Mon, 01/18/2021 - 13:18
Whether they realize it or not, every organization relies on the domain name system (DNS). DNS is what allows people to find your website, shop on your ecommerce app and send you email. It's a critical service for not only your business, but the internet as a whole. As such, it makes sense that DNS servers have become a common target for cyber criminals:
82% of companies have experienced a DNS attack in the last year.
63% of companies have experienced application downtime as a result of a DNS attack.
Widespread DNS hijacking was reported in 2017 and 2018, targeting multiple sectors across 12 different countries.
80% of malware uses DNS to establish a connection to a Command-and-Control (C2) server in order to steal data and spread malware.
If your business relies on blacklisting Fully Qualified Domain Names (FQDNs) alone to combat DNS-based attacks, read on. Malicious actors and attack vectors are becoming more sophisticated, so your security should as well.
Common DNS attack methods
Your DNS servers themselves are not always the target of DNS-based attacks. Instead, the functionality of the DNS protocol is commonly exploited to allow an attacker to exfiltrate sensitive data from your environment. Often, when a user within your network unintentionally visits a malicious site, a piece of malware is installed on the connecting machine. Once the machine is infected, it will leverage DNS to connect to the C2 server in order to receive instructions and act on them. Once an attacker has a foothold in your environment, the potential of malware spreading is greatly increased. Other leading DNS attack methods include:
Domain hijacking: This can involve unauthorized changes to DNS records and/or your domain registrar, which directs traffic away from the original server to a new (often malicious) destination.
DNS flood attack: This is a Distributed Denial of Service (DDoS) attack which affects the availability of DNS servers.
DNS spoofing (cache poisoning): Attackers exploit system vulnerabilities and try to inject malicious data into a DNS resolver's cache.
DNS tunneling: Once a machine is infected, the malware will abuse DNS in order to steal sensitive data and receive instructions from an attacker's C2 server.
A recent DNS breach reported by SecureList illustrates the scope of the challenge:
In mid-May [2020], Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed NXNSAttack. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the authoritative zone of its own malicious DNS server. In response, the malicious server delegates the request to a large number of fake NS servers within the target domain without specifying their IP addresses. As a result, the legitimate DNS server queries all of the suggested subdomains, which leads to traffic growing 1620 times.
What makes DNS so vulnerable
The essential nature of DNS functionality within organizations presents many risks for gaps in security:
Because internet access is required 24x7, an effort is generally made to ensure that DNS operations are never disrupted, even for security inspections.
Most DNS requests are not restricted and are therefore allowed to pass through security devices, creating a potential opening and pathway for attackers to exploit.
Some organizations attempt to block DNS attacks by creating a blacklist of bad domain names. However, attackers bypass restrictions by using Domain Generation Algorithms (DGA), which allow them to create and rotate thousands of domains to keep the C2 channel between client and server intact, even if some of the domains are blocked.
Manually blacklisting a constantly growing list of malicious domains adds substantial administrative overhead.
How to secure your system against DNS attacks
To address this growing threat, Palo Alto Networks launched a new feature called DNS Security, which is used in combination with the anti-spyware functionality provided through the Threat Prevention license. This feature uses a cloud service that is updated in real time from various feeds in order to detect traffic to known-malicious domains, as well as domains which were created by a Domain Generation Algorithm (DGA). The DNS Security feature takes valuable information about known-malicious domains from multiple trusted threat-intelligence feeds and combines it with machine learning and predictive analysis in order to dynamically identify and block access to domains created by DGAs.
When a client sends a request to a malicious domain, the Palo Alto Next-Generation Firewall (with DNS Security configured) intercepts the traffic and compares the DNS request with information within the cloud database. If the request shows up in the cloud database as malicious, or if DNS tunneling is suspected, the DNS request can be automatically dropped. This not only allows the connection to be stopped, but also lets an analyst know that there is a device on the network that may require further investigation.
Lean on our experts
We can help you take control of your DNS through our free DNS management service, included with every cloud account. Learn more about DNS services at Rackspace Technology and our complete range of security solutions.
Firefox Scrambles DNS to Boost Consumer Privacy
2020-02-26 13:00:00| TechNewsWorld
Firefox users in the United States are getting an extra measure of privacy protection starting this week, the Mozilla Foundation announced. Firefox Desktop Product Development Vice President Selena Deckelmann heralded the rollout of encrypted DNS over HTTPS, or DoH, by default in Mozilla's browser. The DNS, or Domain Name System, is one of the oldest parts of the Internet.
Certain Chrome VPN Extensions Found Leaking DNS Queries
2018-05-01 15:15:24| PC Magazine Security Product Guide
Security researcher John Mason discovered that the configurations in some VPN extensions fail to mask DNS prefetching in the Chrome browser.
New Report: The DNS and Internet Navigation
2017-06-22 11:04:06| Computer Science and Telecommunications Board
The report "Signposts in Cyberspace: the Domain Name System and Internet Navigation" is now available at cstb.org...