The Cyber Security Agency’s (CSA) Singapore Computer Emergency Response Team (SingCert) has issued an alert on Thursday (15 Apr) following the discovery of multiple Domain Name System (DNS) implementation vulnerabilities that affected over 100 million devices.

“Security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks,” it stated.

The vulnerabilities, dubbed as NAME:WRECK, affected over 100 million devices running on FreeBSD, IPnet, NetX and Nucleus NET stacks.

SingCert noted that vulnerable devices could be “subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks”.

While security patches have been released to address the vulnerabilities, it advised administrators of the affected stacks “to apply the patch immediately”.

However, if the patching is not available, SingCert recommended administrators enforcing segmentation controls and proper network hygiene measures.

It also suggested monitoring progressive patches released by affected device vendors, configure devices to rely on internal DNS servers, and monitor all network traffic for malicious packets.

Meanwhile, ST reported that many security researchers revealed the most affected organisations are in the healthcare and Government sectors. Other sectors include entertainment, retail, manufacturing, financial services and technology.

Speaking to Computer Weekly on Tuesday (13 Apr), Forescout Research Labs’ research manager Daniel dos Santos branded NAME:WRECK as “a significant and widespread set of vulnerabilities with the potential for large-scale disruption”.

“Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks.

“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security,” he noted.

 

Subscribe
Notify of
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
You May Also Like

S’pore subscription addiction contributes S$115 million to the economy monthly: Finder survey

Singapore’s subscription addiction contributed to an estimated S$115 million to the economy…

5 mistakes that could cost you big when sourcing for a video conferencing tool

by Jessica McClennen The wrong video conferencing tool could land your teams…

Huawei named one of top 10 most valuable brands by Brand Finance

Earlier today (29 Jan), Huawei announced that Brand Finance, a leading brand…

Nearly 50 million Facebook accounts hacked due to existing vulnerability on platform

Facebook users were shocked as the news spread about how nearly 50…