all InfoSec news
A Vulnerability in C Standard Libraries uClibe and uClibe-ng Could Allow for DNS Poisoning
May 5, 2022, 3:24 a.m. |
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability which could allow for DNS poisoning attacks has been discovered in the C standard libraries uClibe and uClibe-ng, which are widely used in IoT products. DNS poisoning enables a subsequent Man-in-the-Middle scenario, which can be used to perform actions like stealing information, forcing authenticated responses, as well as installing malicious firmware.
There is currently no CVE listing, nor further details on affected products, as the research group Nozomi Networks is still working with vendors and library developers in …
More from www.cisecurity.org / Center for Internet Security - Multi-State Information Sharing and Analysis Center
Jobs in InfoSec / Cybersecurity
Technical Senior Manager, SecOps | Remote US
@ Coalfire | United States
Global Cybersecurity Governance Analyst
@ UL Solutions | United States
Security Engineer II, AWS Offensive Security
@ Amazon.com | US, WA, Virtual Location - Washington
Senior Cyber Threat Intelligence Analyst
@ Sainsbury's | Coventry, West Midlands, United Kingdom
Embedded Global Intelligence and Threat Monitoring Analyst
@ Sibylline Ltd | Austin, Texas, United States
Senior Security Engineer
@ Curai Health | Remote