Security Alerts & News
by Tymoteusz A. Góral

History
#1328 Unsecured DNSSEC easily weaponized, researchers warn
DNSSEC is not invincible. Researchers this week described how a DNSSEC-based flood attack could easily knock a website offline and allow for the insertion of malware or exfiltration of sensitive data.

The intent of Domain Name System Security Extensions, or DNSSEC, is to bolster DNS through a series of complex digital signatures. But if it is not secured properly it can fall victim to cache poisoning and malicious redirection attacks, experts warn.

Researchers at Neustar explained in a paper, “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us” on Tuesday how DNSSEC can be reflected and leveraged by “ANY” queries to carry out DDoS attacks. “ANY” queries are favored by hackers; responses to them are exponentially larger than a normal DNS reply, researchers claim.
Read more
#1329 Google hopes to sniff out OSX badware
#1328 Unsecured DNSSEC easily weaponized, researchers warn
#1327 Locky targets hospitals In massive save of ransomware attacks
#1326 Millions of Steam game keys stolen after hacker breaches gaming site
#1325 "Smart" electrical socket leaks your email address, can launch DDoS attacks
#1324 Malware infected all Eddie Bauer stores in US, Canada
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12