In a joint effort between researchers at JSOF and Forescout, a group of vulnerabilities has been disclosed affecting DNS in 100 million devices that are based on FreeBSD, Nucleus NET and NetX. This primarily affects Operational Technology (OT) and Internet of Things (IoT) devices. The collection of vulnerabilities is being called NAME: WRECK, and together can be leveraged to take over a machine. Each of these vulnerabilities, according to Forescout, while hypothetical, can allow an attacker to cause significant damage and steal data. The most critical vulnerabilities center around the implementation of message compression, allowing for remote code execution through buffer overflows.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in