Zerologon

Pierluigi Paganini October 30, 2020
Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. Microsoft is warning that threat actors are actively exploiting the ZeroLogon vulnerability in the Netlogon Remote Protocol. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client […]

Pierluigi Paganini October 22, 2020
Taiwanese vendor QNAP issues advisory on Zerologon flaw

Taiwanese vendor QNAP published an advisory to warn customers that certain versions of its NAS OS (QTS) are affected by the Zerologon vulnerability. The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, also known as of QTS, are affected by […]

Pierluigi Paganini October 12, 2020
APT groups chain VPN and Windows Zerologon bugs to attack US government networks

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint security alert to warn of attackers combining VPN and Windows Zerologon flaws to target government networks. […]

Pierluigi Paganini October 10, 2020
Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505, CHIMBORAZO and Evil Corp. Microsoft experts spotted the Zerologon attacks involving fake software updates, the researchers noticed that the malicious code connected […]

Pierluigi Paganini October 07, 2020
Using a WordPress flaw to leverage Zerologon vulnerability and attack companies’ Domain Controllers

Using a WordPress flaw (File-Manager plugin–CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers. Recently, a critical vulnerability called Zerologon – CVE-2020-1472 – has become a trending subject around the globe. This vulnerability would allow a malicious agent with a foothold on your internal network to essentially become Domain Admin with just one click. This scenario […]

Pierluigi Paganini October 06, 2020
Iran-linked APT is exploiting the Zerologon flaw in attacks

Microsoft researchers reported that Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild. Microsoft published a post and a series of tweets to warn of cyber attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury. The Zerologon vulnerability, tracked as CVE-2020-1472, is […]

Pierluigi Paganini September 24, 2020
Hackers are using Zerologon exploits in attacks in the wild

Microsoft is warning of threat actors that are actively using the Windows Server Zerologon exploits in attacks in the wild. Microsoft has published a series of Tweets to warn of attackers that are actively exploiting the Windows Server Zerologon in attacks in the wild. The IT giant is urging Windows administrators to install the released […]

Pierluigi Paganini September 23, 2020
Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Samba team has released a security patch to address the Zerologon issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). Samba team has released a security patch to address the Zerologon (CVE-2020-1472) issue in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication […]

Pierluigi Paganini September 21, 2020
DHS CISA orders federal agencies to fix Zerologon flaw by Monday

DHS CISA issued an emergency directive to tells government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday. The Department of Homeland Security’s CISA issued an emergency directive to order government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism […]