The Cyber Security Agency’s (CSA) Singapore Computer Emergency Response Team (SingCert) has issued an alert on Thursday (15 Apr) following the discovery of multiple Domain Name System (DNS) implementation vulnerabilities that affected over 100 million devices.

“Security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks,” it stated.

The vulnerabilities, dubbed as NAME:WRECK, affected over 100 million devices running on FreeBSD, IPnet, NetX and Nucleus NET stacks.

SingCert noted that vulnerable devices could be “subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks”.

While security patches have been released to address the vulnerabilities, it advised administrators of the affected stacks “to apply the patch immediately”.

However, if the patching is not available, SingCert recommended administrators enforcing segmentation controls and proper network hygiene measures.

It also suggested monitoring progressive patches released by affected device vendors, configure devices to rely on internal DNS servers, and monitor all network traffic for malicious packets.

Meanwhile, ST reported that many security researchers revealed the most affected organisations are in the healthcare and Government sectors. Other sectors include entertainment, retail, manufacturing, financial services and technology.

Speaking to Computer Weekly on Tuesday (13 Apr), Forescout Research Labs’ research manager Daniel dos Santos branded NAME:WRECK as “a significant and widespread set of vulnerabilities with the potential for large-scale disruption”.

“Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks.

“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security,” he noted.

 

Subscribe
Notify of
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
You May Also Like

In first, Perseverance Mars rover makes oxygen on another planet

NASA’s Perseverance rover keeps making history. The six-wheeled robot has converted some…

Over 120,000 individual's data compromised in two malware incident, including that of over 100,000 MINDEF/SAF personnel

The Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF) have experienced…

Global study reveals that trust is lacking amongst people and organisations when it comes to online data

Findings from a recent global study titled “The boundaries of trust: privacy…

Total prize pool of S$360,000, attractive publishing contracts await indie game developers at ‘Storm the World 2021’ competition

Storms, a game publisher and social gaming community app, has announced the…