Researchers at Tel Aviv University (TAU) and the Interdisciplinary Center in Herzliya discovered a previously unknown Distributed Denial of Service exploit.
The team suggested a vulnerability within the Domain Name System (DNS) may have been responsible for a massive 2016 breach that crippled Amazon, Reddit, Spotify, and Slack; the attack used more than 1 million Internet of Things devices.
The NXNSAttack involves an attacker infiltrating a DNS server and redirecting the resolver to send hundreds of thousands of requests to servers.
The researchers alerted Google, Microsoft, Cloudflare, Amazon, Oracle’s Dyn, Verisign, and Quad9 (a nonprofit operating a privacy-and-security-centric public DNS resolver), which updated their software.
TAU’s Afek said, "Our discovery has prevented major potential damage to Web services used by millions of users worldwide."
From The Jerusalem Post
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA