• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
unpatched dns related vulnerability affects a wide range of iot

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

You are here: Home / General Cyber Security News / Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
May 3, 2022

Cybersecurity scientists have disclosed an unpatched security vulnerability that could pose a major risk to IoT goods.

The issue, which was originally described in September 2021, affects the Area Name Technique (DNS) implementation of two common C libraries identified as uClibc and uClibc-ng that are utilised for creating embedded Linux programs.

uClibc is recognized to be used by significant suppliers these kinds of as Linksys, Netgear, and Axis, as perfectly as Linux distributions like Embedded Gentoo, most likely exposing thousands and thousands of IoT units to security threats.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“The flaw is caused by the predictability of transaction IDs incorporated in the DNS requests generated by the library, which may perhaps make it possible for attackers to execute DNS poisoning attacks versus the target unit,” Giannis Tsaraias and Andrea Palanca of Nozomi Networks mentioned in a Monday compose-up.

DNS poisoning, also referred to as DNS spoofing, is the method of corrupting a DNS resolver cache — which provides consumers with the IP handle connected with a domain identify — with the objective of redirecting customers to destructive web sites.

CyberSecurity

Effective exploitation of the bug could let an adversary to have out Gentleman-in-the-Center (MitM) attacks and corrupt the DNS cache, properly rerouting internet website traffic to a server under their manage.

Nozomi Networks cautioned that the vulnerability could be trivially exploited in a trusted manner should the working process be configured to use a mounted or predictable resource port.

“The attacker could then steal and/or manipulate facts transmitted by users, and accomplish other attacks from all those products to entirely compromise them,” the researchers mentioned.

Identified this posting fascinating? Comply with THN on Facebook, Twitter  and LinkedIn to browse far more distinctive information we write-up.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «new hacker group pursuing corporate employees focused on mergers and New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions
Next Post: Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector chinese hackers caught exploiting popular antivirus products to target telecom»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace

Copyright © TheCyberSecurity.News, All Rights Reserved.