CTOvision

AUGUST 4, 2014

Extends Platform Coverage to Windows 8.1 releases as part of the Invincea platform focus specifically on the enterprise need for rapid adoption and ongoing management of large-scale Invincea deployments, including coverage for Microsoft’s recent Windows and Office product suites. . – bg. From Invincea. The FreeSpace 4.0

Security 102

Security Enterprise Windows Malware 102

Tenable

APRIL 3, 2020

Zoom Windows client: UNC path injection. On April 1, Zoom announced a fix for a flaw in the Windows client. Hi @zoom_us & @NCSC - here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. pic.twitter.com/gjWXas7TMO. or later.

Software Review 119

Software Review Windows Meeting .Net 119

Tenable

OCTOBER 28, 2021

The joint CISA, FBI and NSA alert described the following: “According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network: 2017 Microsoft Windows Server Message Block 1.0 BlackMatter .

Software Review 104

Software Review Windows SMB Network 104

Tenable

AUGUST 19, 2022

Windows SMB remote code execution (EternalBlue). Windows Background Intelligent Transfer Service elevation of privilege. Windows Print Spooler remote code execution (PrintNightmare). Windows AppX installer spoofing vulnerability. Microsoft Windows Support Diagnostic Tool remote code execution (Follina).

IoT 52

IoT Malware Windows Guidelines 52

AlienVault

JULY 18, 2018

ZombieBoy makes use of several exploits during execution: CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003. CVE-2017-0143, SMB exploit. CVE-2017-0146, SMB exploit. The program used to install the 2 exploits is called ZombieBoyTools and appears to be of chinese origin. Installation.

Malware 40

Malware SMB Analysis System 40

AlienVault

SEPTEMBER 24, 2018

2018 seems to be a time for highly profitable cryptominers that spread over SMB file-shares. During the execution of the Install module, MadoMiner makes use of several exploits: CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003. CVE-2017-0143, SMB exploit. CVE-2017-0146, SMB exploit.

Malware 40

Malware SMB .Net Architecture 40

Tenable

NOVEMBER 10, 2021

Cybersecurity and Infrastructure Security Agency's Binding Operational Directive 22-01, any organization would do well to consider prioritizing these flaws as part of their risk-based vulnerability management program. Learn how to set up credentialed scans on Windows and Linux and protect scanning credentials. Learn More.

Systems Review 55

Systems Review Software Review Authentication Policies 55

ProtectWise

MARCH 27, 2017

Twenty-three percent of our attendees said their organization has a formalized threat hunting program. That number aligns with a recent SANS survey that asked a similar question and found that 28% of organizations it queried have a designated program with assigned staff for threat hunting. Act proactively, not reactively.

Cloud 40

Cloud SMB Scalability Storage 40

Jeremiah Grossman

JANUARY 12, 2010

Slowloris HTTP DoS Robert Hansen, (additional credit for earlier discovery to Adrian Ilarion Ciobanu & Ivan Ristic - “Programming Model Attacks” section of Apache Security for describing the attack, but did not produce a tool) 6. Flickr's API Signature Forgery Vulnerability (MD5 extension attack) Thai Duong and Juliano Rizzo 4.

SMB 40

SMB Research Operating System Windows 40

AlienVault

OCTOBER 29, 2018

During the execution of sogou.exe, the following exploits are used to install on new victims’ PCs: CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003. CVE-2017-0143, SMB exploit. CVE-2017-0146, SMB exploit. First, 360Safe.exe drops Conhost.exe into C:%Windows%Fonts. Installation.

Malware 40

Malware Windows IPv6 Analysis 40