DNS

Pierluigi Paganini June 26, 2023
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND

The Internet Systems Consortium (ISC) addressed three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The Internet Systems Consortium (ISC) released security updates to address three denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. The three issues, tracked as CVE-2023-2828, CVE-2023-2829 and CVE-2023-2911, are remotely exploitable. ISC states that the three flaws, rated […]

Pierluigi Paganini May 03, 2022
A DNS flaw impacts a library used by millions of IoT devices

A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of all versions of the uClibc-ng […]

Pierluigi Paganini May 09, 2021
TsuNAME flaw exposes DNS servers to DDoS attacks

A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers. Researchers at SIDN Labs (the R&D team of the registry for .nl domains), InternetNZ (the registry for .nz domains), and the Information Science Institute at the University of Southern California has discovered a vulnerability, named […]

Pierluigi Paganini July 14, 2020
Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Microsoft’s Patch Tuesday security updates for July 2020 addressed a 17-year-old wormable vulnerability for hijacking Microsoft Windows Server dubbed SigRed Microsoft’s Patch Tuesday addressed a 17-year-old wormable vulnerability for hijacking Microsoft Windows Server tracked CVE-2020-1350 and dubbed SigRed. The issue received a severity rating of 10.0 on the CVSS scale and affects Windows Server versions […]

Pierluigi Paganini November 08, 2019
DNA-testing startup Veritas Genetics disclosed a security breach

DNA-testing startup Veritas Genetics disclosed a security breach that exposed customer information, but genetic information, health records are not affected. Veritas Genetics is a whole genome sequencing company that provides actionable insights for a healthier life and family, it offers whole-genome sequencing for $599. The company announced that it recently discovered authorized access to its customer-facing […]

Pierluigi Paganini February 25, 2019
ICANN warns of large-scale attacks on Internet infrastructure

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks. ICANN warns of “an ongoing and significant risk” to key […]

Pierluigi Paganini January 17, 2018
Internet Systems Consortium rolled out a patch for a BIND security flaw caused DNS Servers Crash

The Internet Systems Consortium (ISC) has issued security updates for BIND to address a high severity vulnerability that could cause DNS servers crash. The Internet Systems Consortium (ISC) has rolled out security updates for BIND to address a high severity vulnerability that could be remotely exploited to crash DNS servers. The flaw discovered by Jayachandran […]

Pierluigi Paganini November 29, 2017
Recently Patched Dnsmasq still affect Siemens Industrial devices

Siemens published a security advisory to confirm that four of the seven Dnsmasq vulnerabilities affect some of its SCALANCE products In October, Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package. From the authors’ website, “Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot.” In practice, the Dnsmasq code has been widely leveraged in […]

Pierluigi Paganini November 20, 2017
Global Cyber Alliance launched the Quad9 DNS service to secure your online experience

Global Cyber Alliance launched the Quad9 DNS service, the free DNS service to secure your online experience and protect your privacy. The Global Cyber Alliance (GCA) has launched the Quad9 DNS service (9.9.9.9), a new free Domain Name Service resolver that will check user’s requests against the IBM X-Force’s threat intelligence database. The Quad9 DNS service non only […]

Pierluigi Paganini October 10, 2017
Microsoft’s October Patch Tuesday addresses critical Windows DNS client Zero-Day Flaws tied to DNSSEC

Microsoft’s October Patch Tuesday addresses three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Microsoft’s October Patch Tuesday addresses three critical security vulnerabilities in the Windows DNS client in Windows 8, Windows 10, and Windows Server 2012 and 2016. The vulnerabilities affect the Microsoft’s implementation of one of the data record features used in the secure […]