Hackers Target Internet Address Bug to Disrupt Sites

software-bug-750x500.jpgThe bug targets systems which convert URLs into IP addresses.


Internet users could be affected by exploits that throw websites offline Hackers are exploiting a serious flaw in the Internet's architecture, according to a security firm.

The bug targets systems, which convert domain names into IP addresses. Exploiting it could threaten the smooth running of Internet services as it allows hackers to launch denial-of-service attacks on websites, potentially forcing them offline.

Regular Internet users are unlikely to be severely affected, however.

Bind is the name of a variety of Domain Name System (DNS) software used on the majority of Internet servers.

The recently identified bug allows attackers to crash the software, therefore taking the DNS service offline and preventing URLs, for example, from working. A patch for the flaw is already available, but many systems are yet to be updated.

The Internet Systems Consortium (ISC), which develops Bind, said in a tweet that the vulnerability was "particularly critical" and "easily exploited".

Daniel Cid, a networking expert at Sucuri has published a blog post on the vulnerability in which he explained that real exploits taking advantage of the flaw have already happened. He told the BBC: "A few of our clients, in different industries, had their DNS servers crashed because of it. Based on our experience, server software, like Bind, Apache, OpenSSL and others, do not get patched as often as they should."

Cybersecurity expert Brian Honan commented that a spike in exploits of the flaw was expected over the next few days. However, he added that websites would often still be accessible via other routes and cached addresses on DNS servers around the world, even when certain key DNS servers have been made to crash.

"It's not a doomsday scenario, it's a question of making sure the DNS structure can continue to work while patches are rolled out," he said. The impact on general Internet users is likely to be minimal, according to Mr Cid. "Average Internet users won't feel much pain, besides a few sites and email servers down," he said.
BBC: http://http://bbc.in/1DpQhd6

 

 

« Predictive Policing Technology Arrests
Switzerland & Austria Investigate Claims of Electronic Spying at Iran Talks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Caveonix

Caveonix

Caveonix’s RiskForesight TM solution is an automated, proactive risk and compliance platform designed for hybrid and multi-cloud.

Ribbon Communications

Ribbon Communications

Ribbon Communications delivers global communications software and network solutions to service providers, enterprises, and critical infrastructure sectors.

IDECSI

IDECSI

IDECSI delivers cutting-edge technology and engages all employees in the security system for effective and cost-efficient data protection.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.