31 matches found
MiracleLinux 7 : samba-4.10.16-9.0.1.el7.AXS7 (AXSA:2020-1012:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-1012:06 advisory. samba: Netlogon elevation of privilege vulnerability Zerologon CVE-2020-1472 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify...
Exploit for CVE-2020-1472
zerologon-lab Scripts for a lab environment demonstrating the...
Exploit for CVE-2020-1472
Domain-Controller-DC-Exploitation-with-Metasploit-Impacket End...
Analysis of Elpaco: a Mimic variant
Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...
RansomHub A Rebranded Menace Exploiting the ZeroLogon Vulnerability
...
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...
Attacks, Vulnerabilities and Actors 21 August to 27 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
The U.S. Cyber Command USCYBERCOM on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of...
Conti Ransomware
Conti is a sophisticated Ransomware-as-a-Service RaaS model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigati...
Exploit for Out-of-bounds Write in Qemu
This repository contains PoCs Proof of Concepts for two vulnerabilities: CVE-2020-14364 Qemu and CVE-2020-1472 Zerologon. CVE-2020-14364 Qemu The Qemu PoC is a C code that exploits a vulnerability in the Qemu emulator. The code includes two files: exp1irq.c and exp2configread.c. These files appea...
Cobalt Strike, a penetration testing tool abused by criminals
If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list. Maybe only Metasploit could give it a run for the first place ranking. Metasploit—probabl...
Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies
UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of Static Kitten aka MERCURY or MuddyWater, Anomali said the "objective of this activity is to...
samba: Netlogon elevation of privilege vulnerability (Zerologon)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...
VideoBytes: Ryuk Ransomware Targeting US Hospitals
Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...
Symantec Reports on Cicada APT Attacks against Japan
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well...
Querying Windows Event Logs for Faster Investigation and Response
With this week’s release on the VMware Carbon Black Cloud, users can now remotely inspect Windows devices’ event logs to pull back information that could be helpful during an investigation or response scenario. This new capability comes as part of an update to the Live Query functionality provide...
TAU Threat Advisory: Imminent Ransomware threat to U.S. Healthcare and Public Health Sector
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency CISA issued a joint alert this week with regards to an imminent cybercrime threat to US hospitals and healthcare providers. The alert was coauthored by CISA, the Federal Bureau of Investigation FBI, and the...
Exploit for CVE-2020-1472
Zerologon CVE-2020-1472 This script is made for bulk checkin...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...