Tech & Science hackers use bugs in VPN and Windows Netlogon

13:20  12 october  2020
13:20  12 october  2020 Source:   zdnet.de

Microsoft warns again of attacks on Zerologon vulnerability

 Microsoft warns again of attacks on Zerologon vulnerability © DEFAULT_CREDIT Security (Image: Shutterstock) There are new reports of continued activities by cybercriminals. Microsoft reiterates that the August update is only the first step in fixing the vulnerability. Only a patch announced for February fully closes the security gap. Microsoft has issued an further warning against attacks on the Windows Netlogon protocol via the Microsoft Security Response Center.

Hackers would only need to forge an authentication token for a specific Netlogon functionality. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol, which among other things can be used to update computer passwords.

Most hackers don’t. They’re too easy to break the anonymization and there are better ways to anonymize your connection. It’s like a Honda Civic vpn is really only needed whenyou dont want anyone to be able to read the stuff you are up tobetween two points…eg i use a vpn to attach to my

The vulnerability allows attackers to take over domain controllers, enable server users to manage entire internal / company networks and normally contains the passwords for all connected workstations. CISA and FBI say attackers combine these two vulnerabilities to hijack Fortinet servers and then pan and take over internal networks with Zerologon.

"Actors were observed using legitimate remote access tools such as VPN and Remote Desktop Protocol (RDP) to access the environment with the compromised credentials," added the two authorities.

The joint warning did not contain any details about the attackers, other than that they were described as "Advanced Persistent Threat (APT) actors". The term is often used by cyber security professionals to describe government sponsored groups of hackers. Last week, said Microsoft saw the Iranian APT-Mercury (MuddyWatter) exploit the Zerologon bug in the recent attacks. This is a threat actor known to have targeted US government agencies in the past.

England vs Ireland live stream: how to watch the Autumn Nations for free

  England vs Ireland live stream: how to watch the Autumn Nations for free England take on Ireland at Twickenham in the Autumn Nations Cup 2020Good news: most Autumn Nations Cup rugby games are 100 percent free to watch in the UK. Coverage is split across Amazon Prime and Channel 4.

The ComputeNetlogonCredential function in Netlogon sets the IV to a fixed 16 bits, which means an attacker could control the deciphered text. In order to exploit this vulnerability, the attacker would need to launch the attack from a machine on the same Local Area Network (LAN) as their target.

All of you are well aware that using a VPN prevents the interception of valuable data at the Wi-Fi level, therefore while using public Wi-Fi VPN is a fundamental security tool. If you are connecting Wi-Fi without VPN in public places, I'm afraid this course will not be able to help you.

Both authorities recommended updating the systems to fix the two bugs, for which patches have been available for months. In addition, the CISA and FBI also warned that hackers could swap the Fortinet bug for any other vulnerability in VPN and gateway products that have come to light in recent months and offer similar access.

These include Pulse Secure "Connect" corporate VPNs (CVE-2019-11510), Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579), Citrix "ADC" servers and Citrix network Gateways (CVE-2019-19781), MobileIron Mobile Device Management Server (CVE-2020-15505), and F5 BIG-IP Network Balancers (CVE-2020-5902)

These vulnerabilities are easily resolved using the Zerologon Windows Link bug for attacks similar to the Fortinet and Zerologon attacks observed by CISA.

ADVERTISEMENT How to react to the increased demand for online videos - important findings and trends

The lockdown introduced by numerous countries due to the corona crisis and the associated social distancing have set new records in online video traffic. In this webinar, learn how to examine and quantify data to assess network and CDN load.

Register now and watch the recording.

La Liga live stream: watch Real Madrid and Barcelona online for free .
How to watch Barcelona and Real Madrid on TV, online and on the go.Premier Sports have the rights to show Spanish football in the UK and Ireland in conjunction with LaLigaTV, and its sister site, FreeSports, will also show select matches entirely free of charge. Note that viewers outside the UK at the time of a game will need a VPN to access their Premier Sports or FreeSports stream.

usr: 8
This is interesting!