Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Microsoft: Hackers Using Zerologon Exploits in Attacks, Patch Now!

Microsoft: Hackers Using Zerologon Exploits in Attacks, Patch Now!

Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates.

As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as ‘CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability’.

This vulnerability has been named ‘Zerologon’ by cybersecurity firm Secura, and when exploited, allows attackers to elevate their privileges to a domain administrator and take control over a domain.

Soon after Secura’s writeup on how they discovered the vulnerability, researchers quickly released proof-of-concept exploits demonstrating how this vulnerability could be exploited.

Also Read: Deemed Consent PDPA: How Do Businesses Comply?

Microsoft warns of active Zerologon attacks

In a series of Tweets tonight, Microsoft is warning that Zerologon exploits are actively being used in attacks and that admins should install the necessary security updates immediately.

“Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.”

“Microsoft 365 customers can refer to the threat analytics report we published in Microsoft Defender Security Center. The threat analytics report contains technical details, mitigations, and detection details designed to empower SecOps to detect and mitigate this threat.”

“We’ll continue to monitor developments and update the threat analytics report with latest info. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Microsoft 365 customers can use threat & vulnerability management data to see patching status,” Microsoft tweeted tonight.

Included in these tweets are three samples that Microsoft states were used in the attacks to exploit the ZeroLogon CVE-2020-1472 Netlogon elevation of privilege vulnerability.

Also Read: 10 Principles On How To Build A Good Governance Model

The samples are .NET executables with the filename ‘SharpZeroLogon.exe’ and can be found on VirusTotal [123].

SharpZeroLogon.exe
SharpZeroLogon.exe

In one of the samples examined by BleepingComputer, and like other public exploits, the NTLM hash of the domain controller will be changed to 31d6cfe0d16ae931b73c59d7e0c089c0, which is an empty password.

At this time, Microsoft is not sharing further details about the attacks.

All Windows Server administrators are strongly advised to install the security update for CVE-2020-1472 using the Microsoft support bulletin’s instructions.

This is a developing story.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us