New DNS vulnerability allows 'nation-state level spying' on companies
#1
Information 
Quote:Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
 
DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organizations that do not want to manage and secure yet another network asset on their own.
 
As revealed at the Black Hat security conference by cloud security firm Wiz researchers Shir Tamari and Ami Luttwak, these DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.
 
The exploitation process is quite simple, as they explained: they registered a domain and used it to hijack a DNSaaS provider's nameserver (in their case, Amazon Route 53) which enabled them to wiretap on dynamic DNS traffic streaming from Route 53 customers' networks.
 
"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," the Wiz researchers said.
"The dynamic DNS traffic we 'wiretapped' came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies."

Read more: New DNS vulnerability allows 'nation-state level spying' on companies
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
New DNS vulnerability allows 'nation-state level spying' on companies - by silversurfer - 06 August 21, 14:53

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>