Nearly 500M Enterprise Devices at Risk From DNS Rebinding Attacks

Today’s topics include DNS rebinding vulnerabilities exposing 496 million enterprise devices to risk, and Microsoft launching Azure File Sync for cloud-based file services.

Internet of things security vendor Armis released new research on July 20, estimating that approximately 496 million devices used by enterprises are at risk from Domain Name Service rebinding attacks.

According to Nadir Izrael, co-founder and CTO of Armis Security, "Enterprises might have thought that most of these devices essentially could get away with a very weak HTTP server because presumably they are sitting on an internal network and there are a bunch of firewalls that are protecting devices. DNS rebinding, in fact, gives you the ability to sidestep the firewall and use one of the internal network devices as a proxy into internal devices."

Armis found that approximately 77 percent of enterprise IP phones and 66 percent of printers across enterprises were at risk from DNS rebinding. Additionally, 87 percent of switches, routers and access points were also identified as being at risk.

Microsoft on July 19 rolled out Azure File Sync, a cloud-based replication service for Windows Server.

According to Tad Brockway, general manager of Azure Storage and Azure Stack at Microsoft, "Azure File Sync replicates files from your on-premises Windows Server to an Azure file share. … Once you have a copy of your data in Azure, you can enable cloud tiering—the real magic of Azure File Sync—to store only the hottest and most recently accessed data on-premises.”

Administrators can connect multiple servers to an Azure file share for centralized management. Since the public beta version was unveiled in September 2017, uploads are twice as fast and disaster recovery operations are four to 18 times faster.

On the back end, Microsoft has reworked its cost-cutting cloud tiering technologies for faster and more reliable operations.