Security analysts have discovered a previously undocumented remote access trojan (RAT) named ‘EarlyRAT,’ used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group. […]
BleepingComputer
BIND DNS Vulnerability Lets Attackers Flood Server With DNS Messages
The Internet Systems Consortium (ISC) has released critical security advisories addressing multiple vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 software, a cornerstone of the Domain Name System (DNS) infrastructure.
These vulnerabilities, identified as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, could allow attackers to destabilize DNS servers, leading to denial-of-service (DoS) conditions.
The most alarming of these vulnerabilities, CVE-2024-0760, involves a scenario where a malicious client can flood the server with DNS messages over TCP, potentially rendering the server unstable during the attack.
This particular exploit poses a significant threat as it can be executed remotely, making it easier for attackers to disrupt services without direct access to the server.
Another critical vulnerability, CVE-2024-1975, allows attackers to exhaust CPU resources using SIG(0) messages, which could slow down or crash the server. CVE-2024-1737 affects the server’s database performance when many resource records (RRs) exist simultaneously, causing significant delays.
Lastly, CVE-2024-4076 can trigger assertion failures when the server handles stale cache data and authoritative zone content simultaneously, leading to potential system crashes.
These vulnerabilities have raised alarms across various sectors, including financial institutions, government agencies, and internet service providers (ISPs), all of which rely heavily on BIND for DNS resolution. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged users and administrators to apply the necessary updates immediately to mitigate these risks.
BIND 9, known for being the first and most widely deployed DNS solution, has a long history of being targeted due to its critical role in internet infrastructure. Previous high-profile attacks, such as the 2016 distributed denial-of-service (DDoS) attack on Dyn’s servers, have highlighted the potential for widespread disruption when DNS services are compromised.
The ISC has released patches to address these vulnerabilities, and users are strongly encouraged to upgrade to the latest versions to protect their systems. The affected versions include 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, and 9.19.0 to 9.19.8. The updates are crucial to maintaining the stability and security of DNS operations.
As the internet continues to evolve, securing foundational technologies like DNS remains paramount.
Before initiating the update process, it is essential to assess the potential impact on your business operations. Consider the following:
Identify all systems running affected versions of BIND.
Evaluate the criticality of the systems and the potential downtime required for updates.
Communicate with stakeholders about the planned update and its potential impact.
Ensure that you have a complete backup of your current BIND configuration and any relevant data. This step is crucial to restore services quickly if something goes wrong during the update process.
Visit the ISC website or your package manager to download the latest patches for BIND. The affected versions include:
9.16.0 to 9.16.36
9.18.0 to 9.18.10
9.19.0 to 9.19.8
Follow these steps to apply the updates:
For Linux-based systems:
```
sudo apt-get update
sudo apt-get install bind9
```
or
```
sudo yum update bind
```
For source installations:
```
wget https://downloads.isc.org/isc/bind9/9.x.x/bind-9.x.x.tar.gz
tar -zxvf bind-9.x.x.tar.gz
cd bind-9.x.x
./configure
make
sudo make install
```
After applying the updates, verify that the BIND server is running the latest version:
```
named -v
```
Ensure that the version number matches the latest patched version.
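The inventory and verification steps above can be scripted. The following is an added example, not part of the original article or of ISC's tooling: it parses `named -v` output and reports whether the version falls inside the affected ranges as this article lists them. The function names and the sample output string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a BIND version against the affected ranges listed in
# the article (copied from the article text; adjust if the advisory differs).
AFFECTED_RANGES="9.16.0:9.16.36 9.18.0:9.18.10 9.19.0:9.19.8"

# Pull "major.minor.patch" out of `named -v` style output.
# The leading "BIND " is optional so a bare version string also works.
extract_bind_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\(BIND \)*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p'
}

# Turn "9.18.10" into one comparable integer (9018010).
version_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Exit status: 0 = inside a listed range, 1 = outside, 2 = unparseable input.
bind_is_affected() {
    ver=$(extract_bind_version "$1")
    [ -n "$ver" ] || return 2
    v=$(version_to_int "$ver")
    for range in $AFFECTED_RANGES; do
        lo=$(version_to_int "${range%%:*}")
        hi=$(version_to_int "${range##*:}")
        if [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample of `named -v` output, used when named is not installed.
SAMPLE_OUTPUT='BIND 9.18.10-2-Debian (Extended Support Version) <id:>'
out=$(named -v 2>/dev/null) || out=$SAMPLE_OUTPUT
rc=0; bind_is_affected "$out" || rc=$?
case $rc in
    0) echo "inside a listed affected range: $out" ;;
    1) echo "outside the listed ranges: $out" ;;
    *) echo "could not parse a version from: $out" ;;
esac
```

Run it on each host from the inventory step before and after patching; a distribution package may carry a backported fix without changing the upstream version number, so confirm against the vendor's advisory as well.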
The post BIND DNS Vulnerability Lets Attackers Flood Server With DNS Messages appeared first on Cyber Security News.
Eric Tillman: A creative way into cyber. [Intelligence]
Eric Tillman, Chief Intelligence Officer at N2K Networks, sits down and shares his incredibly creative journey. Eric loved being creative from a young age. When he started to think about a career, he wanted to incorporate his love of creativity into his love for tech and turn it into an intelligence career. Eric started by joining the Navy, which set him on this path to work in cyber, where he shared his talents with several big companies, including Booz Allen Hamilton, Lockheed Martin, and Okta, eventually ending up at our very own N2K Networks. Eric shares the advice that there is something for everyone in this field, and even though he wanted to start his journey in a creative way, he found that combining his love for tech and art helped him to pave the way to where he is now. He says, “A lot of people get here from a very technical background and um, it really almost doesn’t matter um, where you came from, there is something in cybersecurity that takes advantage of the skills that you bring to the table and, um, either way, there’s plenty of room here for everyone.” We thank Eric for sharing his story with us.
The CyberWire
Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges
VMware’s Threat Analysis Unit finds 34 new vulnerable kernel drivers that can be exploited to alter or erase firmware and escalate privileges.
The post Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges appeared first on SecurityWeek.
SecurityWeek RSS Feed