
Live Webinar on the Zerologon Vulnerability: Technical Analysis and Detection


I'm sure most of you have by now heard of a high-risk Windows Server vulnerability, called Zerologon, that could allow attackers to take over business networks completely.

For those who haven't, in short: all supported versions of the Windows Server operating system are affected by a serious privilege escalation vulnerability that resides in the Netlogon Remote Control Protocol for Domain Controllers.

In other words, the underlying vulnerability (CVE-2020-1472) can be exploited by an attacker to compromise Active Directory services and, ultimately, the Windows domain, without any authentication.

What's worse, a proof-of-concept exploit for this flaw was released to the public last week, and soon afterwards attackers began exploiting it against unpatched systems in the wild.



As explained in our coverage based on the technical analysis published by Cynet's security researchers, the underlying problem is Microsoft's implementation of AES-CFB8, which failed to use unique, random salts for these Netlogon messages.

An attacker needs to send a specially crafted string of zeros in Netlogon messages to change the domain controller's password stored in Active Directory.
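The cryptographic property behind this can be reproduced offline. The following is an added example, not code from the original article, Cynet, or Microsoft: a pure-Python AES-128 with CFB8 feedback showing that, under a fixed all-zero initialization vector (what the article calls the "salt"), an all-zero input encrypts to an all-zero output for roughly 1 key in 256, while a random IV removes the effect. All function names and the 8-byte sample input are constructed for illustration.

```python
import itertools, os

def xtime(a):  # multiply by x in GF(2^8) modulo the AES polynomial 0x11B
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
# S-box = multiplicative inverse (from powers of the generator 3) + affine map.
EXP = [1]
for _ in range(254):
    EXP.append(EXP[-1] ^ xtime(EXP[-1]))
INV = [0] + [EXP[(255 - EXP.index(v)) % 255] for v in range(1, 256)]
rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
SBOX = [b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63 for b in INV]

def expand_key(key):  # AES-128 key schedule: 11 round keys, 176 bytes
    w, rcon = list(key), 1
    for i in range(16, 176, 4):
        t = w[i - 4:i]
        if i % 16 == 0:  # RotWord, SubWord, Rcon on every fourth word
            t, rcon = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], xtime(rcon)
        w += [w[i - 16 + j] ^ t[j] for j in range(4)]
    return w

def aes_encrypt_block(key, block):
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk)]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if rnd < 10:  # MixColumns (skipped in the final round)
            s = [s[c + j] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] ^ xtime(s[c + j] ^ s[c + (j + 1) % 4])
                 for c in (0, 4, 8, 12) for j in range(4)]
        s = [b ^ k for b, k in zip(s, rk[16 * rnd:])]
    return bytes(s)

def cfb8_encrypt(key, iv, data):
    reg, out = bytes(iv), bytearray()
    for p in data:
        out.append(p ^ aes_encrypt_block(key, reg)[0])  # keystream = first byte of E_k(reg)
        reg = reg[1:] + bytes([out[-1]])                # feed the ciphertext byte back
    return bytes(out)

def sample_degenerate_key():
    """Draw random keys until E_k(0^16) starts with 0x00; return (key, draws)."""
    for draws in itertools.count(1):
        key = os.urandom(16)
        if aes_encrypt_block(key, bytes(16))[0] == 0:
            return key, draws

if __name__ == "__main__":
    key, draws = sample_degenerate_key()
    print(draws, cfb8_encrypt(key, bytes(16), bytes(8)).hex(), cfb8_encrypt(key, os.urandom(16), bytes(8)).hex())
```

With the zero IV, once the first keystream byte is zero the shift register never leaves the all-zero state, so every later byte repeats it; a fresh random IV per message breaks that fixed point.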


THN readers who want to learn more about this threat, including technical details, mitigations, and detection strategies, should join the live webinar (register here) with Aviad Hasnis, CTO at Cynet.

The free security education webinar is scheduled for 30 September at 5:00 PM GMT and will also discuss the exploits deployed in the wild that take advantage of this vulnerability.

In addition, the Cynet team has released a free detection tool that alerts you to any Zerologon exploitation in your environment.

 
