The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Similar to Daily Security Review
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
Manage episode 515420539 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The flaws—tracked as CVE-2025-40780, CVE-2025-40778, and CVE-2025-8677—pose serious threats ranging from cache poisoning to denial-of-service (DoS) attacks. These vulnerabilities collectively endanger one of the internet’s most foundational components: the Domain Name System (DNS).
The two most severe issues, both scoring 8.6 on the CVSS scale, expose BIND resolvers to cache poisoning. One of them, CVE-2025-40780, originates from a weakness in the Pseudo Random Number Generator (PRNG) used for DNS queries, allowing attackers to predict critical identifiers like source ports and query IDs. The second, CVE-2025-40778, involves overly lenient acceptance of DNS records, which can enable attackers to inject forged or spoofed entries into the cache. Once poisoned, the resolver could redirect users to malicious domains, enabling phishing, credential theft, and data interception across entire organizations.
The third flaw, CVE-2025-8677, rated 7.5 (High), introduces a DoS risk that allows adversaries to overwhelm DNS resolvers by sending specially crafted malformed DNSKEY records, consuming CPU resources until DNS services become unavailable. Because nearly all internet-dependent systems rely on DNS resolution, such attacks can lead to massive service disruptions, cutting off critical applications, communications, and business operations.
The ISC emphasizes that no workarounds exist for these vulnerabilities — patching is the only mitigation. Updated versions, including BIND 9.18.41, 9.20.15, and 9.21.14, are now available and must be deployed immediately. Though the consortium reports no confirmed in-the-wild exploitation so far, the public disclosure of technical details drastically increases the likelihood of attackers developing weaponized exploits in the near term.
For enterprises, this serves as an urgent reminder that DNS security is infrastructure security. Any delay in applying the ISC’s patches exposes networks to redirection attacks, service outages, and data breaches. Immediate updates are critical to maintaining service integrity, preventing manipulation of DNS traffic, and ensuring business continuity.
#BIND9 #DNS #ISCSecurity #CVE202540780 #CVE202540778 #CVE20258677 #CachePoisoning #DNSAttack #PRNGFlaw #DenialOfService #CyberSecurity #Vulnerability #PatchNow #DNSResolver #InternetSecurity #ISCVulnerability #SystemAdmin
410 episodes
Share
Manage episode 515420539 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The flaws—tracked as CVE-2025-40780, CVE-2025-40778, and CVE-2025-8677—pose serious threats ranging from cache poisoning to denial-of-service (DoS) attacks. These vulnerabilities collectively endanger one of the internet’s most foundational components: the Domain Name System (DNS).
The two most severe issues, both scoring 8.6 on the CVSS scale, expose BIND resolvers to cache poisoning. One of them, CVE-2025-40780, originates from a weakness in the Pseudo Random Number Generator (PRNG) used for DNS queries, allowing attackers to predict critical identifiers like source ports and query IDs. The second, CVE-2025-40778, involves overly lenient acceptance of DNS records, which can enable attackers to inject forged or spoofed entries into the cache. Once poisoned, the resolver could redirect users to malicious domains, enabling phishing, credential theft, and data interception across entire organizations.
The third flaw, CVE-2025-8677, rated 7.5 (High), introduces a DoS risk that allows adversaries to overwhelm DNS resolvers by sending specially crafted malformed DNSKEY records, consuming CPU resources until DNS services become unavailable. Because nearly all internet-dependent systems rely on DNS resolution, such attacks can lead to massive service disruptions, cutting off critical applications, communications, and business operations.
The ISC emphasizes that no workarounds exist for these vulnerabilities — patching is the only mitigation. Updated versions, including BIND 9.18.41, 9.20.15, and 9.21.14, are now available and must be deployed immediately. Though the consortium reports no confirmed in-the-wild exploitation so far, the public disclosure of technical details drastically increases the likelihood of attackers developing weaponized exploits in the near term.
For enterprises, this serves as an urgent reminder that DNS security is infrastructure security. Any delay in applying the ISC’s patches exposes networks to redirection attacks, service outages, and data breaches. Immediate updates are critical to maintaining service integrity, preventing manipulation of DNS traffic, and ensuring business continuity.
#BIND9 #DNS #ISCSecurity #CVE202540780 #CVE202540778 #CVE20258677 #CachePoisoning #DNSAttack #PRNGFlaw #DenialOfService #CyberSecurity #Vulnerability #PatchNow #DNSResolver #InternetSecurity #ISCVulnerability #SystemAdmin
410 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Daily Security Review
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
