A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts.
The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber attacks eye-opening. Here’s what you need to know. The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability such an attack exploits. “The attack takes advantage of misconfigurations in the Domain Name System settings for an internet domain,” the threat intelligence analysts said, “specifically when the domain server points to the wrong authoritative name server.”
Read more…
Source: Forbes News
Related:
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...