Zerologon Attack Lets Hackers Take Over Enterprise Networks Within 3 Seconds


IT security news from | Direct link: it.slashdot.org

An anonymous reader writes: Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization's crown jewels -- the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device. However, when this condition is met, it's literally game over for the attacked company, as an attacker can hijack its entire network within three seconds by leveraging a bug in the Netlogon authentication protocol cryptography by adding zero characters in certain Netlogon authentication parameters, bypassing authentication procedures and then changing the password for the DC server itself. The technical report from Secura B.V., a Dutch security firm, is available here.

https://it.slashdot.org/story/20/09/15/2033243/zerologon-attack-lets-hackers-take-over-enterprise-networks-within-3-seconds?utm_source=rss1.0mainlinkanon&utm_medium=feed
