Cybersecurity researchers have recently detected a new set of vulnerabilities that, according to their report, affects the major DNS-as-a-Service (DNSaaS) providers.
The vulnerability is critical and could enable threat actors to exfiltrate sensitive data from corporate networks.
DNSaaS providers, also known as managed DNS providers, are very popular because they rent out DNS services to businesses that don’t want to maintain and secure an additional network asset on their own.
At the Black Hat security conference, Shir Tamari and Ami Luttwak, researchers at the cloud security firm Wiz, also revealed that these DNS flaws give threat actors nation-state intelligence-gathering abilities with a simple domain registration.
After investigating the whole matter, the experts explained how the DNS bug can be exploited, starting with the two main players involved:
A DNS host is the service responsible for hosting all DNS records. A domain registrar, on the other hand, is where you purchase domain names.
There are also DNS hosting providers that offer domain registration and more, but the experts note that the two services should not be confused, as they do different work.
The exploitation process is quite simple: they registered a domain and then used it to take over a DNSaaS provider’s nameserver.
Doing this enabled them to wiretap the dynamic DNS traffic streaming from Route 53 customers’ networks.
According to the report, the dynamic DNS traffic that the analysts ‘wiretapped’ came from over 15,000 businesses, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government businesses.
The harvested data ranged from employee and computer names and locations to very sensitive details about organizations’ infrastructure, including Internet-exposed network devices.
During the investigation the experts found many key details regarding the vulnerability. They also used the network traffic to map the office locations of the world’s largest services companies, and found that they had received traffic from 40,000 corporate endpoints.
However, it is not yet clear who should fix this critical DNS bug. Microsoft has stated that the flaw is a known misconfiguration that occurs when a company works with external DNS resolvers.
To avoid DNS conflicts and network issues, Redmond recommends using separate DNS names and zones for internal and external hosts.
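A defender can check whether endpoints are sending dynamic DNS updates, the traffic described above, to anything other than the organization's own resolvers. The following is an added example, not code from the article or from the Wiz research: it reads the opcode and zone name from raw DNS payloads and flags dynamic updates (opcode 5, RFC 2136) addressed outside an allow-list. The resolver address, host addresses, zone names and helper names are constructed assumptions, and the payloads are assumed to be already extracted from a packet capture.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # dynamic update opcode (RFC 2136)

def build_msg(opcode, name, rtype=6):
    """Build a minimal DNS message; used only for the constructed samples."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", rtype, 1)

def parse_opcode_and_name(msg):
    """Return (opcode, name in the first section) of a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, count = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while count and pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:  # compression pointer: not expected in the first name
            raise ValueError("malformed name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return (flags >> 11) & 0xF, ".".join(labels).lower()

def leaked_updates(packets, internal_resolvers):
    """List dynamic updates sent anywhere other than the approved resolvers."""
    allowed = {ipaddress.ip_address(r) for r in internal_resolvers}
    findings = []
    for src, dst, payload in packets:
        try:
            opcode, zone = parse_opcode_and_name(payload)
        except ValueError:
            continue  # not a parseable DNS message
        if opcode == OPCODE_UPDATE and ipaddress.ip_address(dst) not in allowed:
            findings.append((src, dst, zone))
    return findings

# Constructed sample: (source, destination, UDP payload). All values are made up.
SAMPLE = [
    ("10.0.4.21", "10.0.0.53", build_msg(5, "corp.example.com")),
    ("10.0.4.22", "203.0.113.53", build_msg(5, "corp.example.com")),
    ("10.0.4.23", "203.0.113.53", build_msg(0, "www.example.org", rtype=1)),
]

if __name__ == "__main__":
    for src, dst, zone in leaked_updates(SAMPLE, ["10.0.0.53"]):
        print(f"dynamic update for zone {zone} left the network: {src} -> {dst}")
```

A hit means an endpoint tried to register itself with a nameserver the organization does not control, which is the condition that separate internal and external DNS names and zones are meant to prevent.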