🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

We're releasing some new vulnerability findings tomorrow. Spoiler alert: It was DNS!

Today we release #DNSpooq - 7 vulnerabilities in dnsmasq, a popular open source DNS forwarder. 3 vulnerabilities enable cache poisoning and the other 4 are pre-DNSSEC-validation buffer overflows. Patch! jsof-tech.com/disclosures/dn…

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks securityweek.com/dnspooq-flaws-…

Sounds like you will soon be able to know if your device is vulnerable to #Dnspooq. Good stuff @VDOOSecurity

Great writeup by Red Hat, and there's a script here to check if your dnsmasq is vulnerable

Thank you Vijay Sarvepalli and ICS-CERT CERT/CC for orchestrating the disclosure of @dnspooq!

Some recommended workarounds for #dnspooq if you can't upgrade your device. Configuring your devices to directly query a trusted DNS server would also be helpful.

Supply chain issues affect Open Source Software too. Dnsmasq is extremely popular (and for a good reason!) and so the vulnerabilities affect dozens of vendors and many major Linux distributions.

The #Dnspooq graphic design award goes to BleepingComputer ! P.S. upgrade your dnsmasq to version 2.83 or above

The Qualys Research Team has discovered a critical vulnerability in #Sudo, which allows an unprivileged user to gain root privileges in its default configuration. #linux #unix #vulnerability blog.qualys.com/vulnerabilitie…

Were there just 3 RCEs in ipv4 ipv6 and DNS on windows?

Announcing the latest research by JSOF Cyber Security and Forescout Great coverage by Catalin Cimpanu as always. #NameWreck #IoT #Cyber

As part of Project Memoria we're releasing a report together with JSOF Cyber Security on several DNS vulnerabilities in popular TCP/IP stacks (FreeBSD, NetX, Nucleus NET, ...), including a breakdown of underlying anti-patterns (hint: check your message compression). forescout.com/research-labs/…

Forescout & JSOF Cyber Security research disclose NAME:WRECK - 9 new DNS #vulnerabilities affecting popular TCP/IP stacks used in millions of #IoT #OT & IT devices. ow.ly/62ne50EnkpK #NAMEWRECK

I found some design and implementation flaws in Wi-Fi again. All Wi-Fi devices are affected. It was a long ~9 months embargo, over this time a lot of info has been collected and that info now available at fragattacks.com