The FortiGuard Domain Reputation Service License for FortiDDoS is yet further ammunition to use against the growing threat of IoT and botnet attacks, which are easier than ever to launch due to the proliferation of open source code for such attacks and the growing availability of vulnerable devices.
by Hemant Jain  |  Sep 06, 2017  |  Filed in: Business and Technology
In this second article of the series, we analyze two recent vulnerabilities in ISC BIND identified as CVE-2016-1286 and CVE-2016-2088. Based on the advisories, these bugs can be triggered using a malformed DNAME record (CVE-2016-1286) or an OPT COOKIE record (CVE-2016-2088). These two bugs share the same attack scenario, which can only be triggered when a BIND server makes a request and then receives a malformed response. Based on this requirement, recursive servers are at highest risk from this attack, because it’s not straightforward to ask an authoritative-only...
by Amir Zali  |  Apr 01, 2016  |  Filed in: Security Research
The Internet Systems Consortium released a new patch (version 9.10.3-P4) a couple of days ago to fix some issues in the most popular DNS server software in the world. The release note is available at https://kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html. In this series of two articles, we will detail our investigation of these vulnerabilities and how we were able to protect our customers by widely deploying our detection. ISC released a patch for the BIND rndc control channel DoS vulnerability (CVE-2016-1285)....
by Dehui Yin  |  Mar 29, 2016  |  Filed in: Security Research
Last week, the Internet Systems Consortium (ISC) released a critical update to its popular software, BIND. BIND is almost everywhere on the Internet, acting as a DNS name server. DNS is a network service used to translate human-readable domain names to numeric identifiers called IP addresses and vice versa. The update was in response to a recently discovered DoS vulnerability (CVE-2015-5477), which can be exploited to take down a vulnerable BIND server remotely. ISC released an urgent patch for this vulnerability due to its severity. Only...
by Dehui Yin  |  Aug 12, 2015  |  Filed in: Security Research
Now that we've had a look at layered security, it's time to talk about each layer individually to figure out the steps you should take to secure your network. First and foremost is the DNS layer, the first "wall" of security that protects your network from attacks. DNS 101: Domain Name System (DNS) is used like a phonebook to help your computer find websites by translating a domain name to a website's IP address. For example, the domain name www.fortinet.com is translated to the IP address, which lets your computer successfully...
by Victoria Martin  |  Mar 03, 2014  |  Filed in: Security Q & A
Recently, Proofpoint security researchers published two blog entries (part one and part two) reporting that they have been observing a series of spam campaigns originating, in more than 25% of cases, from Internet of Things (IoT) devices. The compromised devices reported to send spam included "multi-media centers, televisions and at least one refrigerator". The first blog entry wasn't sufficiently detailed and raised several doubts. The second entry clarifies several points, though not all, so here's my take on IoT. Are malware on Internet of...
by Axelle Apvrille  |  Jan 27, 2014  |  Filed in: Security Research
Shortly after 10:00am on Jun 25th 2013, many government websites in South Korea were not accessible. This was caused by malware performing a DDoS attack on 2 major DNS servers (ns.gcc.go.kr and ns2.gcc.go.kr). Original Attack Vector: During the investigation, we managed to find the original attack sample, which was served by a compromised website at that time (simdisk.co.kr). The downloaded file, named SimDisk_setup.exe, turned out to be a self-extracting RAR file. This SFX RAR file contained 2 files: Simdiskup.exe file SimDiskup.exe...
by Kyle Yang  |  Jul 14, 2013  |  Filed in: Security Research