14 matches found
Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397 Exploitation & Mitigation Demo 📌 Overview...
Mitigating NTLM Relay Attacks by Default
Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication EPA by default for new and existing installs of Exchange 2019. While we’re currently unaware of any activ...
CVE-2024-21410
creationtimestamp| type| source ---|---|--- 2024-02-13 20:37:02+00:00| seen| https://t.me/ctinow/184168 2024-02-14 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1227 2024-02-14 16:13:10+00:00| seen| https://t.me/itsecnews/4112 2024-02-15 06:21:50+00:00| exploited|...
Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks
Russian state-sponsored actors have staged NT LAN Manager NTLM v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing...
Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates
Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed as...
Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability
Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37...
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft was quick to respond with a fix to an attack dubbed “PetitPotam” that could force remote Windows systems to reveal password hashes that could then be easily cracked. To thwart an attack, Microsoft recommends system administrators stop using the now deprecated Windows NT LAN Manager NTLM...
Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
Summary Microsoft is aware of PetitPotam which can potentially be used in an attack on Windows domain controllers or other Windows servers. PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect...
F5 Networks BIG-IP : BIG-IP APM Edge Client vulnerability (K97733133)
When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle MITM attack by deploying a...
Microsoft Windows Task Scheduler Security Feature Bypass Vulnerability
Compass Security identified a security feature bypass vulnerability in Microsoft Windows. Due to the absence of integrity verification requirements for the RPC protocol and in particular the Task Scheduler, a man-in-the-middle attacker can relay his victim's NTLM authentication to a target of his...
Microsoft Windows Task Scheduler Security Feature Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Windows Task Scheduler Vendor: Microsoft CSNC ID: CSNC-2010-001 CVE ID: CVE-2020-1113 Subject: Security Feature Bypass Risk: High Effect: Remotely exploitable Authors: Sylvain Heiniger Date: 14.05.2020...
CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks
The CERT Coordination Center CERT/CC has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration...
ICSA-18-093-01 Siemens Building Technologies Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Siemens Equipment : Building Technologies Products Vulnerabilities : Stack-based Buffer Overflows, Security Features, Improper Restriction of Operations within the Bounds of a Memory Buffer, NUL...