New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains

The recently published DFSCoerce PoC exploit uses the MS-DFSNM file system to take over Windows domains. This exploit is conceptually similar to the sensational PetitPotam attack. Let me remind you that we recently talked about how LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities. Filip Dragovich published a PoC script called “DFSCoerce” to attack an NTLM… Continue reading New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains

Microsoft Has Already Patched a Vulnerability in Windows RDP Twice

This week, CyberArk researchers shared technical information about a named pipe RDP (Remote Desktop Protocol) vulnerability in Windows, for which Microsoft had to release two patches. The RCE vulnerability CVE-2022-21893 was fixed on January 2022 Patch Tuesday, but the attack vector was not fixed. In April 2022, Microsoft already fixed the new bug CVE-2022-24533. Let… Continue reading Microsoft Has Already Patched a Vulnerability in Windows RDP Twice

Microsoft Fixed Follina Vulnerability and 55 Other Bugs

As part of the June Patch Tuesday, Microsoft finally fixed the Follina Critical Vulnerability associated with Windows MSDT, and fixed 55 more bugs in its products. As a reminder, Follina (CVE-2022-30190) is a remote code execution issue in the Microsoft Windows Support Diagnostic Tool (MSDT) and affects all versions of Windows that receive security updates… Continue reading Microsoft Fixed Follina Vulnerability and 55 Other Bugs

Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Hackers are actively exploiting the critical 0-day Follina vulnerability, which Microsoft is in no hurry to fix. Researchers warn that European governments and municipalities in the US have been targeted by a phishing campaign using malicious RTF documents. Let me remind you that the discovery of Follina became known at the end of May, although… Continue reading Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Security researchers recently discovered a zero-day vulnerability in Microsoft Office dubbed Follina. The bug can be exploited through the normal opening of a Word document, using it to execute malicious PowerShell commands through the Microsoft Diagnostic Tool (MSDT). Let me remind you that we also wrote that Lapsus$ hack group stole the source codes of… Continue reading Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Fake Exploits Used to Deliver Cobalt Strike Beacons

Cyble experts have warned that cybercriminals are attacking IS researchers, distributing malware under the guise of exploits for Windows, which eventually installs Cobalt Strike beacons on the experts’ machines. Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons. Cyble analysts report that malware disguised as PoC exploits for a… Continue reading Fake Exploits Used to Deliver Cobalt Strike Beacons

Information Security Specialist Showed How to Steal a Tesla Car

Sultan Qasim Khan, a security consultant of the NCC Group, has disclosed a vulnerability that allows attackers to enter the salon and steal a Tesla car. The vulnerability consists of the redirection of communication between the Tesla owner’s smartphone or key fob and the car itself. During the demonstration, the specialist used two small repeaters… Continue reading Information Security Specialist Showed How to Steal a Tesla Car

Microsoft Has Not Fully Coped with PetitPotam Attacks in Windows NTLM Relay

In May, Microsoft released a security update, as it had previously not fully coped with attacks called PetitPotam. The update and mitigation recommendations target a heavily exploited vulnerability in NTLM Relay called Windows LSA Spoofing Vulnerability with the number CVE-2022-26925. Last July, security researcher Gilles Lionel, also known as Topotam, introduced a new PetitPotam method… Continue reading Microsoft Has Not Fully Coped with PetitPotam Attacks in Windows NTLM Relay

F5 warns of critical BIG-IP RCE vulnerability

0-day vulnerability, Vulnerabilities, F5 Inc, Security breach, Exploit,

F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability

Zero Day Attacks – How To Prevent Them?

Zero-day vulnerabilities, Zero-day exploits, Exploit

Zero-day attacks are the real mess of a modern cybersecurity world. You may have a perfect protection system established in your network, and your employees may be warned and ready to react properly if something goes wrong, but that still is not enough to say that a zero-day threat is avoided. So is there a… Continue reading Zero Day Attacks – How To Prevent Them?