The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.
The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.
BIND Updates Patch High-Severity Vulnerabilities
Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.
The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare.
The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek.
BIND Updates Address High-Severity Cache Poisoning Flaws
The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache.
The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek.
Chinese Hackers Deliver Malware via ISP-Level DNS Poisoning
Chinese group StormBamboo spotted delivering Windows and macOS malware by compromising an ISP and using DNS poisoning.
The post Chinese Hackers Deliver Malware via ISP-Level DNS Poisoning appeared first on SecurityWeek.
Over 35k Domains Hijacked in ‘Sitting Ducks’ Attacks
Threat actors have hijacked over 35,000 domains in five years because DNS providers fail to properly verify domain ownership.
The post Over 35k Domains Hijacked in ‘Sitting Ducks’ Attacks appeared first on SecurityWeek.
Hackers Exploit Flaw in Squarespace Migration to Hijack Domains
Hackers exploited a flaw to hijack cryptocurrency domains that were migrated from Google Domains to Squarespace.
The post Hackers Exploit Flaw in Squarespace Migration to Hijack Domains appeared first on SecurityWeek.
Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks
Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.
The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report
While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term.
The post Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report appeared first on SecurityWeek.
KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers
Patches released for a new DNSSEC vulnerability named KeyTrap, described as the worst DNS attack ever discovered.
The post KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers appeared first on SecurityWeek.
