Authentication, Information Security and Security Intelligence

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

— Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. Microsoft 365 Defender customers can also refer to these detections: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. The Zerologon vulnerability, tracked as CVE-2020-1472 , is an elevation of privilege that resides in the Netlogon.

Authentication

Authentication Advertising Architecture Cyber Attacks

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

According to the advisory published by SolarWinds, the Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. “The Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized,” reads the advisory published by SolarWinds.

Authentication

Authentication Hacking Ransomware Security Intelligence

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Below the details of the ProxyLogon vulnerabilities: The first zero-day, tracked as CVE-2021-26855 , is a server-side request forgery (SSRF) vulnerability in Exchange that could be exploited by an attacker to authenticate as the Exchange server by sending arbitrary HTTP requests. and also as DearCry. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Threat actors were observed abusing OneDrive, for this reason, the IT giant has suspended more than 20 malicious OneDrive applications created by POLONIUM actors, notified affected organizations, and deployed a series of security intelligence updates that will quarantine malicious tools developed by the attackers.

Security Intelligence

Security Intelligence Hacking Antivirus Authentication

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Security Affairs

AUGUST 29, 2024

Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. Commands can be injected over the network and executed without authentication.”

Firmware

Firmware Malware Security Intelligence Authentication

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. The probes were of low frequency and appeared to first attempt an authentication via a POST request and then, upon success, attempt a command injection exploitation.”

DDOS

DDOS Wireless Security Intelligence Malware

10 Reasons to Trust Your Enterprise APIs

Cisco Security

AUGUST 30, 2021

Using this list as a backdrop the following best practices are presented as a call to action to help organizations take a proactive approach at addressing API security risk. Use strong authentication and authorization. and protocols like OpenID Connect to secure the sharing of sensitive company and user information.

Software

Software Authentication Risk Encryption

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Confirm that Microsoft Defender Antivirus is updated to security intelligence update 1.371.503.0 Enable multifactor authentication (MFA) to mitigate potentially compromised credentials and ensure that MFA is enforced for all remote connectivity. or later to detect the related indicators.

Surveillance

Surveillance Malware Authentication Accountability

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Over the past year, Microsoft Threat Intelligence Center (MSTIC) has observed an evolution of the tools, techniques, and procedures employed by Iranian nation-state actors. Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021.

VPN

VPN Accountability Social Engineering Media

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

.” Microsoft Threat Intelligence Information Center (MSTIC) has uncovered activity by the threat actor PHOSPHOROUS, which has been masquerading as conference organizers and sending spoofed invitations by email to high-profile individuals. ” suggest Microsoft.

Hacking

Hacking Security Intelligence Advertising Accountability

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

Enabling two-factor authentication is perhaps the most important step toward resisting such tactics (attackers have intercepted SMS codes, so use other methods, if possible). More broadly: Enable two-factor authentication everywhere. Require authentication for printer, server, computer, and device access even on local networks.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Media Hacking Education

The number of exploits in the Echobot botnet reached 59

Security Affairs

AUGUST 7, 2019

At the time of its discovery, operators added 8 new exploits, but a few weeks later the popular expert Larry Cashdollar from Akamai’s Security Intelligence Response Team (SIRT) discovered a variant that included a total of 26 exploits. Authentication Bypass / Remote Command Execution EnGenius EnShare IoT Gigabit Cloud Service 1.4.11

Wireless

Wireless IoT Advertising Surveillance

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

With SecureX sign-on we can log into all the products only having to type a password one time and approve one Cisco DUO Multi-Factor Authentication (MFA) push. Then under Organization à Administrators add a new user and specify SecureX sign-on as the authentication method. How does this magic work behind the scenes? About Black Hat.

Malware

Malware Accountability Technology DNS

Cyber Security Informer

Hackers are using Zerologon exploits in attacks in the wild

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Trending Sources

Iran-linked APT is exploiting the Zerologon flaw in attacks

SolarWinds Serv-U bug exploited for Log4j attacks

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Microsoft blocked Polonium attacks against Israeli organizations

Corona Mirai botnet spreads via AVTECH CCTV zero-day

New InfectedSlurs Mirai-based botnet exploits two zero-days

10 Reasons to Trust Your Enterprise APIs

European firm DSIRF behind the attacks with Subzero surveillance malware

Iran-linked APT groups continue to evolve

Iran-linked Phosphorous APT hacked emails of security conference attendees

Cybersecurity Checklist for Political Campaigns

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

The number of exploits in the Echobot botnet reached 59

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Stay Connected