#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

DNS Cache Poisoning | Breaking Cybersecurity News | The Hacker News

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Jan 18, 2024 Firmware Security / Vulnerability
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface ( UEFI ) specification used widely in modern computers. Collectively dubbed  PixieFail  by Quarkslab, the  nine issues  reside in the TianoCore EFI Development Kit II ( EDK II ) and could be exploited to achieve remote code execution, denial-of-service (DoS), DNS cache poisoning, and leakage of sensitive information. UEFI firmware – which is responsible for  booting the operating system  – from AMI, Intel, Insyde, and Phoenix Technologies are impacted by the shortcomings. EDK II incorporates its own TCP/IP stack called  NetworkPkg  to enable network functionalities available during the initial Preboot eXecution Environment ( PXE , pronounced "pixie") stage, which allows for management tasks in the absence of a running operating system. In other words, it is a client-server interface to  boot a
New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Nov 19, 2021
Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The  attack  allows an off-path attacker to inject a malicious DNS record into a DNS cache," University of California researchers Keyu Man, Xin'an Zhou, and Zhiyun Qian  said . "SAD DNS attack allows an attacker to redirect any traffic (originally destined to a specific domain) to his own server and then become a man-in-the-middle (MITM) attacker, allowing eavesdropping and tampering of the communication." The latest flaw affects Linux kernels as well as popular DNS software, including BIND, Unbound, and dnsmasq running on top of Linux, but not when run on other operating systems FreeBSD or Windows. From Kaminsky Attack to SAD DNS DNS cache poisoning, also called DNS spoofing, is a  technique  i
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

Nov 13, 2020
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Cybersecurity Resources