Lucene search
K

110 matches found

ThreatPost
ThreatPost
added 2020/03/11 5:13 p.m.404 views

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

UPDATE Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The a patch for the vulnerability, tracked as CVE-2020-0796, is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft. On...

7.5CVSS0.6AI score0.9981EPSS
Exploits125References14
The Hacker News
The Hacker News
added 2020/03/11 12:16 p.m.5 views

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 SMBv3 network communication protocol. It appears...

10CVSS7.8AI score0.9981EPSS
Exploits125
The Hacker News
The Hacker News
added 2020/03/11 12:16 p.m.387 views

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 SMBv3 network communication protocol. It appears...

10CVSS1.2AI score0.9981EPSS
Exploits125
Qualys Blog
Qualys Blog
added 2019/11/04 9:50 p.m.303 views

BlueKeep Attacks Observed Months after Initial Release

The BlueKeep vulnerability, initially released in May 2019, is currently being exploited in the wild. Cybersecurity researchers have spotted initial attacks of Bluekeep RDP vulnerability. Here's a reminder about BlueKeep and instructions for using Qualys to identify attacks and remediate this...

10CVSS1.3AI score0.99999EPSS
Exploits123
The Hacker News
The Hacker News
added 2019/11/04 4:0 p.m.78 views

Targeted Ransomware Attacks Hit Several Spanish Companies

Everis, one of the largest IT consulting companies in Spain, suffered a targeted ransomware attack on Monday, forcing the company to shut down all its computer systems until the issue gets resolved completely. Ransomware is a computer virus that encrypts files on an infected system until a ransom...

6.4AI score
Exploits0
Talos Blog
Talos Blog
added 2019/11/04 7:43 a.m.2747 views

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...

10CVSS10AI score0.99999EPSS
Exploits123
The Hacker News
The Hacker News
added 2019/11/03 11:2 a.m.216 views

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for ...

10CVSS0.4AI score0.99999EPSS
Exploits123
CISA
CISA
added 2019/08/14 12:0 a.m.101 views

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows...

10CVSS3.1AI score0.99999EPSS
Exploits123References5
ThreatPost
ThreatPost
added 2019/08/13 8:29 p.m.228 views

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List

Microsoft’s August Patch Tuesday release contains updates for 93 CVEs, including 29 that are rated critical in severity. The highest priority of these include four critical remote code-execution RCE vulnerabilities in Remote Desktop Services RDS and a critical RCE flaw in Microsoft Word. Also, tw...

10CVSS0.1AI score0.75194EPSS
Exploits2References12
The Hacker News
The Hacker News
added 2019/08/13 6:22 p.m.2 views

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to th...

10CVSS7.4AI score0.75194EPSS
Exploits0
The Hacker News
The Hacker News
added 2019/08/13 6:22 p.m.165 views

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to th...

10CVSS9.7AI score0.75194EPSS
Exploits0
MSRC
MSRC
added 2019/08/13 7:0 a.m.49 views

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution RCE vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability CVE-2019-0708, these two vulnerabilities are also ‘wormable’, meaning that a...

10CVSS2.1AI score0.99999EPSS
Exploits123
MSRC
MSRC
added 2019/08/13 7:0 a.m.53 views

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution RCE vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability CVE-2019-0708, these two vulnerabilities are also ‘wormable’, meaning that a...

10CVSS9.6AI score0.99999EPSS
Exploits123
Circl
Circl
added 2019/08/13 5:0 a.m.14 views

CVE-2019-1181

creationtimestamp| type| source ---|---|--- 2019-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ 2019-08-13 23:12:13+00:00| seen| https://t.me/cybershit/558 2019-08-14 04:00:00+00:00| seen|...

10CVSS7.3AI score0.75194EPSS
Exploits0References9
Circl
Circl
added 2019/08/13 5:0 a.m.14 views

CVE-2019-1182

creationtimestamp| type| source ---|---|--- 2019-08-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2019/08/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/ 2019-08-13 23:12:13+00:00| seen| https://t.me/cybershit/558 2019-08-14 04:00:00+00:00| seen|...

10CVSS7.3AI score0.12934EPSS
Exploits0References7
Talos Blog
Talos Blog
added 2019/06/21 8:38 a.m.160 views

Threat Source newsletter (June 20, 2019)

Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This week, we disclosed two vulnerabilities in KCodes’ NetUSB kernel module contains that could allow an attacker to inappropriatel...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/18 1:58 p.m.686 views

Working BlueKeep Exploit Developed by DHS

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...

10CVSS0.5AI score0.99999EPSS
Exploits123References11
ICS
ICS
added 2019/06/17 12:0 p.m.61 views

Microsoft Operating Systems BlueKeep Vulnerability

Summary The Cybersecurity and Infrastructure Security Agency CISA is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems OSs, including both 32- and 64-bit versions, as well as all Service Pac...

10CVSS9.9AI score0.99999EPSS
Exploits123References25
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/06/07 1:5 p.m.90 views

This Week in Security News: Gray Alerts and Wormable Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the new wormable malware that’s dropping a Monero miner in web servers, networks and removable drivers. Also, read about the bes...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/05 2:14 p.m.326 views

BlueKeep 'Mega-Worm' Looms as Fresh PoC Shows Full System Takeover

A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine. Reverse engineer Zǝɹosum0x0 tweeted about his success on Tuesday, noting that he plans to keep the...

10CVSS0.9AI score0.99999EPSS
Exploits139References12
Rows per page
Query Builder