NEW!Enroll into our new Ethical Hacking Playlist. Watch Now

[quads id=1]

Ethical HackingHackers NewsNews

NAME: WRECK DNS Bugs: What You Need to Know

2 Mins read
[quads id=3]

What is NAME:WRECK Bug ?

New 9 viruses have been discovered called the NAME: WRECK Bugs. Four most commonly used  TCP/IP stacks, FreeBSD, IPnet, Nucleus NET, and NetX are attacked by these newly discovered 9 NAME: WRECK Bug, which are present in the well-known IT sector

FreeBSD runs on high-performance servers on millions of networks and is also used on other well-known applications such as firewalls and some commercial network appliances. Nucleus NET is very well known in the medical sector. It has over three billion known installations in medical devices, avionics systems, and building automation.

NetX, meanwhile, runs in medical devices, systems-on-a-chip, and several types of printers, as well as energy and power equipment in industrial control systems (ICS).

NAME: WRECK is a significant and widespread set of vulnerabilities with the potential for large-scale disruption

Daniel dos Santos, research manager at Forescout Research Labs.

“Complete protection against NAME: WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organizations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks.”

“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security.”

Photo by Florian Krumm on Unsplash

What does NAME:WRECK Bug do to the servers ?

The NAME: WRECK Bug impacts organizations in multiple sectors, manufacturing and retail, from the government to healthcare, and if successfully hacked by malicious actors in a denial of service (DoS) or remote code execution (RCE) attack, could be used to disrupt or take control of networks in question.

NAME: WRECK is the second major set of TCP/IP vulnerabilities uncovered by Forescout’s team discovered NAME: WRECK Bugs and said that it is the second major set of TCP/IP as part of a research program called Project Memoria.

What Should Users Of Servers In Question Do To Avoid Being Attacked By The NAME:WRECK Bug ?

In the light of this, Forescout and JSOF are recommending a series of mitigations:

  • Servers in question should try to discover and inventory devices running the vulnerable stacks – Forescout has pushed out an open source script that gives access to authorized fingerprints. It is also being updated as and when new developments occur.
  • Enforcing segmentation controls and increasing network hygiene, restricting external ways of communication and not using vulnerable devices anymore if they cannot be patched.
  • checking if patches being dropped by affected device suppliers and devise a remediation plan for inventory that got affected.
  • Configuring affected devices to run on internal DNS servers, and monitor external DNS traffic(It is a system that helps in naming computer systems, networks, services and other resources hierarchically and in a decentralized manner, connected to internet.)
  • checking all their network traffic for hackers trying to exploit known vulnerabilities or weaknesses or zero-days affecting DNS, mDNS and DHCP clients.

Also to know more about hacking read:- CTF in Hacking: How to get started into Capture the Flag

Others are reading

Ethical HackingHackers NewsNews

Get Free Ethical Hacking Resources, programming courses and free eBooks

1 Mins read
Last update: Aug 02, 2023 Here I will add Ethical Hacking resources for free. In resources, you will get Free Hacking software, Hacking courses,…
Ethical Hacking Course

Getting Started with Burp Suite: A Comprehensive Guide

7 Mins read
Introduction In today’s digital landscape, web application security testing has become a critical aspect of ensuring the safety and integrity of online…
Ethical Hacking Course

Cybersecurity Laws of India: Cyber Laws in India 2024 | Course eHacking 1.1

4 Mins read
In today’s digital age, the need for robust cybersecurity & cyber laws is more pressing than ever. As the world becomes increasingly…
89 posts

About author
Troubleshooter | YouTuber (60k subs) | Creator of this website (i.e. The Techrix) Passionate about InfoSec & CTFs | Exploring tech's frontiers with curiosity and creativity."
Articles
Related posts
Ethical HackingEthical Hacking Course

Footprinting: Tracking Digital Footsteps Through Search Engines

3 Mins read
In the vast world of cybersecurity, the notion of ‘Footprinting’ is a widely used concept. As an essential step in penetration testing,…
Ethical HackingEthical Hacking Course

Mastering Reconnaissance in Cyber Security: A Beginner’s Guide to Footprinting

9 Mins read
Footprinting stands at the forefront of reconnaissance in cyber security, marking the initial phase where cybersecurity professionals, penetration testers, and even threat…
Ethical Hacking CourseHackers News

Master Google Dorking/Hacking: Unleash the Power of Google Search Hacking

6 Mins read
Introduction In the ever-expanding digital landscape, information is key. And when it comes to uncovering hidden data, vulnerabilities, or sensitive information, Google…

Leave a Reply

Your email address will not be published. Required fields are marked *

×
Hackers NewsNews

Checkout The Hottest Cyber Security Jobs for Hackers in 2021