#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Cache Poisoning | Breaking Cybersecurity News | The Hacker News

Category — Cache Poisoning
Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Aug 04, 2021
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. The shortcomings, collectively dubbed "INFRA:HALT," target NicheStack, potentially enabling an attacker to achieve remote code execution, denial of service, information leak, TCP spoofing, and even DNS cache poisoning. NicheStack (aka InterNiche stack) is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers (PLCs) and other products. "Attackers could disrupt a building's HVAC system or take ...
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

Nov 13, 2020
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Nov 22, 2024Google Workspace / SaaS Backup
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that's both scalable and adaptable. As companies shift from traditional, on-premises setups focused on device security, to more user-centered, hybrid models, Google Workspace is perfectly positioned to support this evolution. Now, the user account itself is the central hub, allowing access from any device or location — a game changer in today's remote and distributed work environments. However, with all this connectivity and flexibility comes a challenge. Google Workspace connects to countless apps and touches every user in the organization, making it an appealing target for cybercriminals. The platform's internet accessibility opens up additional entry points, raisi...
Expert Insights / Articles Videos
Cybersecurity Resources