Lucene search
Hive ProHIVEPRO:B3F9F66CBDECF3B8E7AADF5951D97F6AHistoryAug 16, 2022 - 5:00 a.m.
Vulnerabilities & Threats that Matter 08 – 14th Aug
2022-08-1605:00:49
Hive Pro
www.hivepro.com
96
0.975 High
EPSS
Percentile
100.0%
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 563 14 3 69 08 71 For a detailed threat digest, download the pdf file here Summary The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of which 14 gained the attention of Threat Actors and security researchers worldwide. Among these 14, 2 zero-day, and 10 vulnerabilities are awaiting analysis on the National Vulnerability Database (NVD). Hive Pro Threat Research Team has curated a list of 14 CVEs that require immediate action. This week also saw Cuba Ransomware exploiting CVE-2020-1472 and CVE-2021-1732 and another vulnerability CVE-2020-0796 was seen exploited by BlueSky Ransomware. Further, we also observed 3 Threat Actor groups being highly active in the last week. UNC2447, an unknown threat actor group popular for financial crime and gain, Lapsus$, a Brazilian threat actor group popular for Data theft and Destruction, and Yanluowang ransomware gang, a Chinese threat actor group popular for financial crime and gain were observed stealing around 2.8 GB of data from Cisco. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section.
Related
mssecure
mssecure
Zerologon is now detected by Microsoft Defender for Identity
2020-11-30 17:00:20
mmpc
mmpc
Zerologon is now detected by Microsoft Defender for Identity
2020-11-30 17:00:20
krebs
krebs
Microsoft Patch Tuesday, February 2021 Edition
2021-02-09 22:37:19
Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw
2020-09-24 17:00:51
cisa
cisa
Microsoft Warns of Windows Win32k Privilege Escalation
2021-02-09 00:00:00
Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472
2020-09-14 00:00:00
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
2020-06-05 00:00:00
threatpost
threatpost
Microsoft Pulls Bad Windows Update After Patch Issue
2021-02-16 16:47:36
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
2021-01-15 21:47:20
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
2020-10-19 16:36:00
trendmicroblog
trendmicroblog
PurpleFox Adds New Backdoor That Uses WebSockets
2021-10-19 00:00:00
PurpleFox Adds New Backdoor That Uses WebSockets
2021-10-19 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Microsoft
2022-02-15 16:55:31
Exploit for Out-of-bounds Write in Microsoft
2023-07-11 09:29:18
Exploit for Use of Insufficiently Random Values in Microsoft
2020-09-16 03:54:27
prion
prion
Privilege escalation
2021-02-25 23:15:00
Remote code execution
2020-03-12 16:15:00
cve
cve
qualysblog
qualysblog
cert
cert
ubuntu
ubuntu
Samba vulnerability
2020-09-17 00:00:00
Samba vulnerability
2020-09-17 00:00:00
Samba update
2020-09-30 00:00:00
suse
suse
Security update for samba (important)
2020-09-25 00:00:00
Security update for samba (important)
2020-09-24 00:00:00
nessus
nessus
openSUSE Security Update : samba (openSUSE-2020-1526)
2020-09-30 00:00:00
EulerOS 2.0 SP5 : samba (EulerOS-SA-2020-2299)
2020-10-30 00:00:00
SUSE SLES12 Security Update : samba (SUSE-SU-2020:2721-1)
2020-12-09 00:00:00
carbonblack
carbonblack
Risk Score 101: What to look for in a Risk Score
2020-11-19 18:20:13
Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)
2020-03-17 14:14:25
securelist
securelist
The future of cyberconflicts
2020-12-18 10:00:10
APT trends report Q1 2021
2021-04-27 10:00:26
malwarebytes
malwarebytes
The story of ZeroLogon
2021-01-19 18:37:09
ubuntucve
ubuntucve
CVE-2020-1472
2020-09-16 00:00:00
msrc
msrc
Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472
2021-01-14 08:00:00
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
2020-10-29 07:00:00
Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
2020-10-29 20:02:19
osv
osv
CVE-2020-1472
2020-08-17 19:15:15
samba vulnerability
2020-09-17 11:03:22
openvas
openvas
openSUSE: Security Advisory for samba (openSUSE-SU-2020:1513-1)
2020-09-25 00:00:00
Mageia: Security Advisory (MGASA-2020-0380)
2022-01-28 00:00:00
Fedora: Security Advisory for samba (FEDORA-2020-a1d139381a)
2020-10-04 00:00:00
samba
samba
Unauthenticated domain takeover via netlogon ("ZeroLogon")
2020-09-18 00:00:00
attackerkb
attackerkb
CVE-2021-1732
2021-02-25 00:00:00
CVE-2020-0796 - SMBGhost
2020-03-12 00:00:00
CVE-2020-1472
2020-08-17 00:00:00
seebug
seebug
Microsoft Windows本地提权漏洞(CVE-2021-1732)
2021-03-26 00:00:00
mscve
mscve
Netlogon Elevation of Privilege Vulnerability
2020-08-11 07:00:00
Windows SMBv3 Client/Server Remote Code Execution Vulnerability
2020-03-12 07:00:00
Microsoft Guidance for Disabling SMBv3 Compression
2020-03-10 07:00:00
packetstorm
packetstorm
Zerologon Netlogon Privilege Escalation
2020-11-18 00:00:00
Microsoft Windows SMB 3.1.1 Remote Code Execution
2020-03-15 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: samba-4.11.13-0.fc31
2020-10-04 01:26:52
[SECURITY] Fedora 32 Update: samba-4.12.7-0.fc32
2020-09-23 17:13:53
[SECURITY] Fedora 33 Update: samba-4.13.0-11.fc33
2020-09-25 17:25:08
checkpoint_advisories
checkpoint_advisories
Winlogon Privilege Escalation (CVE-2020-1472)
2020-11-04 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2021-1732)
2021-02-09 00:00:00
Microsoft Windows SMBv3 Remote Code Execution (CVE-2020-0796)
2020-03-11 00:00:00
thn
thn
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
2022-01-13 07:47:00
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
2023-11-16 12:03:00
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
2020-09-23 18:08:00
cvelist
cvelist
CVE-2020-1472 Netlogon Elevation of Privilege Vulnerability
2020-08-17 19:13:05
CVE-2020-0796
2020-03-12 15:48:18
CVE-2021-1732 Windows Win32k Elevation of Privilege Vulnerability
2021-02-25 23:01:31
redhatcve
redhatcve
CVE-2020-1472
2020-09-17 06:30:08
canvas
canvas
Immunity Canvas: SMBGHOST
2020-03-12 16:15:00
Immunity Canvas: SMBGHOST_LPE
2020-03-12 16:15:00
trellix
trellix
SMBGhost – Analysis of CVE-2020-0796
2020-03-12 00:00:00
zdt
zdt
ZeroLogon - Netlogon Elevation of Privilege Exploit
2020-11-18 00:00:00
Microsoft Windows 10 (1903/1909) - SMBGhost SMB3.1.1 SMB2_COMPRESSION_CAPABILITIES Buffer Overflow
2020-03-15 00:00:00
Microsoft Windows SMB 3.1.1 Remote Code Execution Exploit
2020-03-17 00:00:00
nvd
nvd
ibm
ibm
mskb
mskb
March 12, 2020—KB4551762 (OS Builds 18362.720 and 18363.720) - EXPIRED
2020-03-12 07:00:00
kitploit
kitploit
CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost
2020-03-31 00:50:00
CVE-2020-0796 - CVE-2020-0796 Pre-Auth POC
2020-03-31 00:47:00
exploitpack
exploitpack
metasploit
metasploit
SMBv3 Compression Buffer Overflow
2021-04-09 18:15:05
Netlogon Weak Cryptographic Authentication
2020-09-17 18:28:53
freebsd
freebsd
samba -- Unauthenticated domain takeover via netlogon
2020-01-01 00:00:00
archlinux
archlinux
[ASA-202009-17] samba: access restriction bypass
2020-09-29 00:00:00
debiancve
debiancve
CVE-2020-1472
2020-08-17 19:15:15
huawei
huawei
Security Advisory - Netlogon Elevation of Privilege Vulnerability
2020-11-05 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2021-11-03 00:00:00
myhack58
myhack58
talosblog
talosblog
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
2020-03-12 10:00:14
Microsoft Netlogon exploitation continues to rise
2020-09-29 09:04:58
kaspersky
kaspersky
KLA11693 ACE vulnerability in Microsoft Windows
2020-03-12 00:00:00
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of SMB
2020-09-18 15:11:21
akamaiblog
akamaiblog