Lucene search
31 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 8 views

MiracleLinux 7 : samba-4.10.16-9.0.1.el7.AXS7 (AXSA:2020-1012:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1012:06 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...

10 CVSS | 7.5 AI score | 0.99512 EPSS
Exploits 75 | References 4

GithubExploit
added 2025/12/07 3:29 p.m. | 178 views

Exploit for CVE-2020-1472

zerologon-lab Scripts for a lab environment demonstrating the...

10 CVSS | 7 AI score | 0.99512 EPSS
Exploits 75

GithubExploit
added 2025/10/18 3:33 p.m. | 208 views

Exploit for CVE-2020-1472

Domain-Controller-DC-Exploitation-with-Metasploit-Impacket End...

10 CVSS | 7.4 AI score | 0.99512 EPSS
Exploits 75

Securelist
added 2024/11/26 10:0 a.m. | 36 views

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

7.9 AI score | 0.99512 EPSS
Exploits 75

hivepro
added 2024/06/10 2:25 p.m. | 4 views

RansomHub A Rebranded Menace Exploiting the ZeroLogon Vulnerability

...

7.3 AI score
Exploits 0

The Hacker News
added 2023/11/16 12:3 p.m. | 107 views

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...

10 CVSS | 9.2 AI score | 0.99512 EPSS
Exploits 75

hivepro
added 2023/08/29 9:21 a.m. | 10 views

Attacks, Vulnerabilities and Actors 21 August to 27 August 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...

6.8 AI score
Exploits 0

The Hacker News
added 2022/01/13 7:47 a.m. | 91 views

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence

The U.S. Cyber Command USCYBERCOM on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of...

10 CVSS | 0.9 AI score | 0.99512 EPSS
Exploits 75

Qualys Blog
added 2021/11/18 5:17 p.m. | 494 views

Conti Ransomware

Conti is a sophisticated Ransomware-as-a-Service RaaS model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigati...

9.3 CVSS | 10.6 AI score | 0.99759 EPSS
Exploits 166

Gitee
added 2021/07/09 11:20 a.m. | 24 views

Exploit for Out-of-bounds Write in Qemu

This repository contains PoCs Proof of Concepts for two vulnerabilities: CVE-2020-14364 Qemu and CVE-2020-1472 Zerologon. CVE-2020-14364 Qemu The Qemu PoC is a C code that exploits a vulnerability in the Qemu emulator. The code includes two files: exp1irq.c and exp2configread.c. These files appea...

10 CVSS | 7.5 AI score | 0.99512 EPSS
Exploits 75

Malwarebytes
added 2021/06/01 7:9 p.m. | 51 views

Cobalt Strike, a penetration testing tool abused by criminals

If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probabl...

7.3 AI score
Exploits 0

The Hacker News
added 2021/02/11 7:43 a.m. | 10 views

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...

6 AI score
Exploits 0

RedHat Linux
added 2020/12/15 3:21 p.m. | 5 views

samba: Netlogon elevation of privilege vulnerability (Zerologon)

A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...

10 CVSS | 6.8 AI score | 0.99512 EPSS
Exploits 75 | References 9

Malwarebytes
added 2020/12/09 4:3 p.m. | 32 views

VideoBytes: Ryuk Ransomware Targeting US Hospitals

Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...

6.8 AI score
Exploits 0

Schneier on Security
added 2020/11/20 12:5 p.m. | 59 views

Symantec Reports on Cicada APT Attacks against Japan

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well...

1.6 AI score
Exploits 0

Carbon Black Blog
added 2020/11/12 4:0 p.m. | 1667 views

Querying Windows Event Logs for Faster Investigation and Response

With this week’s release on the VMware Carbon Black Cloud, users can now remotely inspect Windows devices’ event logs to pull back information that could be helpful during an investigation or response scenario. This new capability comes as part of an update to the Live Query functionality provide...

9.3 CVSS | 8.7 AI score | 0.99512 EPSS
Exploits 75

Carbon Black Blog
added 2020/10/30 8:13 p.m. | 446 views

TAU Threat Advisory: Imminent Ransomware threat to U.S. Healthcare and Public Health Sector

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency CISA issued a joint alert this week with regards to an imminent cybercrime threat to US hospitals and healthcare providers. The alert was coauthored by CISA, the Federal Bureau of Investigation FBI, and the...

9.3 CVSS | 0.8 AI score | 0.99512 EPSS
Exploits 75

GithubExploit
added 2020/09/29 6:45 p.m. | 168 views

Exploit for CVE-2020-1472

Zerologon CVE-2020-1472 This script is made for bulk checkin...

10 CVSS | 8.3 AI score | 0.99512 EPSS
Exploits 75

The Hacker News
added 2020/09/29 5:26 p.m. | 218 views

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...

10 CVSS | 0.7 AI score | 0.99512 EPSS
Exploits 75

The Hacker News
added 2020/09/29 5:26 p.m. | 12 views

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...

10 CVSS | 7.1 AI score | 0.99512 EPSS
Exploits 75