• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

You are here: Home / General Cyber Security News / Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
May 3, 2022

Cybersecurity scientists have disclosed an unpatched security vulnerability that could pose a major risk to IoT goods.

The issue, which was originally described in September 2021, affects the Area Name Technique (DNS) implementation of two common C libraries identified as uClibc and uClibc-ng that are utilised for creating embedded Linux programs.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


uClibc is recognized to be used by significant suppliers these kinds of as Linksys, Netgear, and Axis, as perfectly as Linux distributions like Embedded Gentoo, most likely exposing thousands and thousands of IoT units to security threats.

“The flaw is caused by the predictability of transaction IDs incorporated in the DNS requests generated by the library, which may perhaps make it possible for attackers to execute DNS poisoning attacks versus the target unit,” Giannis Tsaraias and Andrea Palanca of Nozomi Networks mentioned in a Monday compose-up.

DNS poisoning, also referred to as DNS spoofing, is the method of corrupting a DNS resolver cache — which provides consumers with the IP handle connected with a domain identify — with the objective of redirecting customers to destructive web sites.

CyberSecurity

Effective exploitation of the bug could let an adversary to have out Gentleman-in-the-Center (MitM) attacks and corrupt the DNS cache, properly rerouting internet website traffic to a server under their manage.

Nozomi Networks cautioned that the vulnerability could be trivially exploited in a trusted manner should the working process be configured to use a mounted or predictable resource port.

“The attacker could then steal and/or manipulate facts transmitted by users, and accomplish other attacks from all those products to entirely compromise them,” the researchers mentioned.

Identified this posting fascinating? Comply with THN on Facebook, Twitter  and LinkedIn to browse far more distinctive information we write-up.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «github says recent attack involving stolen oauth tokens was "highly GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
  • GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”
  • Spyware Found on Spanish PM’s Phone
  • Californian Phished $23.5m from DoD
  • American Idol Winner Accused of Spying on Ex-girlfriend
  • Chinese “Override Panda” Hackers Resurface With New Espionage Attacks
  • Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload
  • Deep Dive: Protecting Against Container Threats in the Cloud
  • Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia
  • Google Releases First Developer Preview of Privacy Sandbox on Android 13

Copyright © TheCyberSecurity.News, All Rights Reserved.