NAME:WRECK Vulnerabilities Arm Cybercrooks With Hacking Abilities

Cybercriminals usually rely on malicious software to aid them in their hacking campaigns. However, using their malware applications may not be possible unless they manage to identify and exploit an infection vector first. This is why owners of Internet-connected devices are always advised to use reputable antivirus software, but they should also not forget to apply the latest firmware updates and patches for their devices. This way, they can minimize the number of active vulnerabilities and security holes, which cybercriminals would be able to exploit.

Contrary to popular belief, cybercriminals are not the only group looking for vulnerabilities in modern software – white-hat hackers, who are the good guys, are also working tirelessly to test modern software for vulnerabilities and mitigate them before an evil-minded threat actor gets to abuse them. One of the recently released updates about a newly discovered set of vulnerabilities is called NAME:WRECK, and it covers nine exploits concerning the DNS (Domain Name System) protocol. 

The scary thing about the NAME:WRECK Vulnerabilities is that they are not limited to a particular software – instead, they are part of popular TCP/IP stacks being used in hundreds of millions of devices. These TCP/IP stacks are basically small libraries, which are used to enable Internet connectivity in these devices, and this may expose hundreds of millions of devices to a potential attack. The stacks threatened by the NAME:WRECK Vulnerabilities are FreeBSD, Nucleus NET, NetX, and IPnet. 

• FreeBSD is typically used on commercial network software, firewalls, printers, computers, and various types of networking equipment.
• IPNet is predominant in routers, firewalls, printers, and industrial devices.
• Nucleus NET is found in all sorts of devices – ranging from consumer equipment to high-grade systems used in aviation and healthcare.
• NetX is used in smart devices, printers, and Industrial Control Systems (ICS.)

While the details about the NAME:WRECK Vulnerabilities have not been disclosed fully, attackers who manage to take advantage of them may end up gaining complete control over the vulnerable device. Depending on the exploit being abused, the criminals may also gain the ability to modify the system's configuration, permissions, and more. Needless to say, the NAME:WRECK Vulnerabilities will be addressed by the affected parties, and applying the latest firmware updates to your devices will help mitigate attacks that make use of these vulnerabilities.