Search the Community
Showing results for tags 'zerologon'.
The story of ZeroLogon This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vulnerability for their own purposes. This is the story of ZeroLogon. What is ZeroLogon? The ZeroLogon vulnerability was discovered by researchers at Secura and is listed in the Common
mood posted a topic in Security & Privacy NewsMicrosoft warns of incoming Windows Zerologon patch enforcement Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. Zerologon is a critical 10/10 rated security flaw tracked as CVE-2020-1472 which, when successfully exploited, enables attackers to elevate privileges to domain administrator and take control over the domain. "We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Control
Zerologon is now affecting NAS devices Your network-attached storage could be at risk (Image credit: Shutterstock) Some network-attached storage (NAS) devices could be vulnerable to the Windows Zerologon security flaw, according to NAS manufacturer QNAP. Attackers could exploit the bug to bypass security measures remotely. NAS devices running a vulnerable version of the QTS operating system are deemed to be at risk. In addition, NAS devices must be configured as a Windows domain controller to be exploited by a threat act
Karlston posted a topic in Security & Privacy NewsMicrosoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest. DHS’s Cybersecurity and Infrastructure Agency (CISA) said in the directive