Tech
Over 100mil devices at risk from NAME:WRECK DNS bugs, CSA advise firms to patch systems immediately
The Cyber Security Agency’s (CSA) Singapore Computer Emergency Response Team (SingCert) has issued an alert on Thursday (15 Apr) following the discovery of multiple Domain Name System (DNS) implementation vulnerabilities that affected over 100 million devices.
“Security researchers have discovered multiple Domain Name System (DNS) implementation vulnerabilities in four popular TCP/IP network stacks,” it stated.
The vulnerabilities, dubbed as NAME:WRECK, affected over 100 million devices running on FreeBSD, IPnet, NetX and Nucleus NET stacks.
SingCert noted that vulnerable devices could be “subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks”.
While security patches have been released to address the vulnerabilities, it advised administrators of the affected stacks “to apply the patch immediately”.
However, if the patching is not available, SingCert recommended administrators enforcing segmentation controls and proper network hygiene measures.
It also suggested monitoring progressive patches released by affected device vendors, configure devices to rely on internal DNS servers, and monitor all network traffic for malicious packets.
Meanwhile, ST reported that many security researchers revealed the most affected organisations are in the healthcare and Government sectors. Other sectors include entertainment, retail, manufacturing, financial services and technology.
Speaking to Computer Weekly on Tuesday (13 Apr), Forescout Research Labs’ research manager Daniel dos Santos branded NAME:WRECK as “a significant and widespread set of vulnerabilities with the potential for large-scale disruption”.
“Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks.
“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security,” he noted.
-
Opinion6 days ago
Who’s to blame for Singapore’s cost of living crisis? A demand for clarity and accountability
-
Politics1 week ago
Lee Hsien Loong to step down as PAP secretary-general after 20 years of leadership
-
Politics1 week ago
PM Wong calls for unity, warns of opposition risks ahead of election at PAP’s 70th anniversary
-
Comments1 week ago
Netizens criticise PM Wong for blaming opposition while PAP policies exacerbate inflationary pressures
-
Civil Society4 days ago
Over 10,000 sign petition urging Singapore to expedite recognition of the State of Palestine
-
Court Cases2 weeks ago
MinLaw addresses misuse of court processes amid Prof Ben Leong’s defamation case
-
Civil Society2 weeks ago
‘We cannot afford a 2nd Geno,’ Ben Leong announces 5 BTC fund to counter defamation lawfare
-
Politics1 week ago
People’s Action Party elects members of its 38th Central Executive Committee