CVE-2020-0796
Published: 2020-03-12
Priority: P1 · 99 · critical · 10.0 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability, remediation due 2022-08-10
Exploited in the wild
EPSS: 99.81% (100.0th percentile)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_32-bit_systems | — | — |
| msrc | windows_10_version_1909_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_server_version_1903 | — | — |
| msrc | windows_server_version_1909 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-0796 (SMBGhost) affects the SMBv3 (Server Message Block 3.1.1) protocol; detection should focus on specially-crafted SMB packets sent to Windows SMB listeners. Proof-of-concept exploit code was publicly released on April 1, 2020.
- CVE-2020-0796 was among the top exploited vulnerabilities of 2020 and co-occurred with ransomware, exploit kits, phishing attacks, and RATs; prioritize detection on SMBv3 traffic and patch status.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 10.0 | CRITICAL | — |
| cisa | — | 10.0 | CRITICAL | — |
| vendor_msrc | — | 10.0 | CRITICAL | — |
CISA
Microsoft SMBv3 Remote Code Execution Vulnerability
cisa·2022-02-10·CVSS 10.0
CVE-2020-0796 [CRITICAL] CWE-119 Microsoft SMBv3 Remote Code Execution Vulnerability
Vulnerability: Microsoft SMBv3 Remote Code Execution Vulnerability
Affected: Microsoft SMBv3
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-0796
Remediation Due Date: 2022-08-10
Microsoft
Windows SMBv3 Client/Server Remote Code Execution Vulnerability
vendor_msrc·2020-03-10·CVSS 10.0
CVE-2020-0796 [CRITICAL] Windows SMBv3 Client/Server Remote Code Execution Vulnerability
Windows SMBv3 Client/Server Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
FAQ: What steps ca
GHSA
GHSA-vh23-87v3-h8c6: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3
ghsa_unreviewed·2022-05-24
CVE-2020-0796 [HIGH] CWE-119 GHSA-vh23-87v3-h8c6: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
VulnCheck
Microsoft SMBv3 Remote Code Execution Vulnerability
vulncheck·2020·CVSS 10.0
CVE-2020-0796 [CRITICAL] CWE-119 Microsoft SMBv3 Remote Code Execution Vulnerability
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Affected: Microsoft SMBv3
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/; https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-defenders-blog-netwalker/; https://www.hhs.gov/sites/default/files/netwalker.pdf; https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/; https://cyb
No detection rules found.
Exploit-DB
Microsoft Windows - 'SMBGhost' Remote Code Execution
exploitdb·2020-06-02·CVSS 10.0
CVE-2020-0796 [CRITICAL] Microsoft Windows - 'SMBGhost' Remote Code Execution
Microsoft Windows - 'SMBGhost' Remote Code Execution
---
#!/usr/bin/env python
'''
# EDB Note ~ Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48537.zip
# SMBGhost_RCE_PoC
RCE PoC for CVE-2020-0796 "SMBGhost"
For demonstration purposes only! Only use this as a reference. Seriously. This has not been tested outside of my lab environment. It was written quickly and needs some work to be more reliable. Sometimes you BSOD. Using this for any purpose other than self education is an extremely bad idea. Your computer will burst in flames. Puppies will die.
Now that that's out of the way....
Usage ex:
```
$SMBGhost_RCE_PoC python exploit.py -ip 192.168.142.131
[+] found low stub at phys addr 13000!
[+] PML4 at 1ad000
[+] base of HAL heap at fffff794
Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
exploitdb·2020-03-30·CVSS 10.0
CVE-2020-0796 [CRITICAL] Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
---
# CVE-2020-0796
Windows SMBv3 LPE Exploit
## Authors
* Daniel García Gutiérrez ([@danigargu](https://twitter.com/danigargu))
* Manuel Blanco Parajón ([@dialluvioso_](https://twitter.com/dialluvioso_))
## References
* https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
* https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html
* https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter
* https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/
* http://blogs.360.cn/post/CVE-2020-0796.html
* https://blog.zec
Exploit-DB
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
exploitdb·2020-03-14·CVSS 10.0
CVE-2020-0796 [CRITICAL] Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
---
# CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost
Download ~ https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48216.zip
## Usage
`./CVE-2020-0796.py servername`
This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash the target.
This contains a modification of the excellent [smbprotocol](https://github.com/jborean93/smbprotocol) with added support for SMB 3.1.1 compression/decompression (only LZNT1). Most of the additions are in `smbprotocol/connection.py`. A version of [lznt1](https://github.com/you0708/l
Nuclei
Microsoft SMBv3 - Remote Code Execution
nuclei·CVSS 10.0
CVE-2020-0796 [CRITICAL] Microsoft SMBv3 - Remote Code Execution
Microsoft SMBv3 - Remote Code Execution
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Template:
```yaml
id: CVE-2020-0796

info:
  name: Microsoft SMBv3 - Remote Code Execution
  author: Yusuf Amr
  severity: critical
  description: |
    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
  impact: |
    Unauthenticated attackers can exploit SMBv3 protocol handling vulnerabilities to execute arbitrary code on Windows 10 and Windows Server systems, enabling complete system compromise.
```
Metasploit
SMBv3 Compression Buffer Overflow
metasploit
SMBv3 Compression Buffer Overflow
SMBv3 Compression Buffer Overflow
A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to execute code on a vulnerable server. This local exploit implementation leverages this flaw to elevate itself before injecting a payload into winlogon.exe.
Metasploit
SMBv3 Compression Buffer Overflow
metasploit
SMBv3 Compression Buffer Overflow
SMBv3 Compression Buffer Overflow
A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to execute code on a vulnerable server. This remote exploit implementation leverages this flaw to execute code in the context of the kernel, finally yielding a session as NT AUTHORITY\SYSTEM in spoolsv.exe. Exploitation can take a few minutes as the necessary data is gathered.
Zscaler
CVE-2025-53770 | ThreatLabz
blogs_zscaler·2025-07-21·CVSS 9.8
[CRITICAL] CVE-2025-53770 | ThreatLabz
Dfir Report
Inside the Open Directory of the “You Dun” Threat Group
blogs_dfir_report·2024-10-28
Inside the Open Directory of the “You Dun” Threat Group
Tenable
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
blogs_tenable·2024-10-22
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
Sentinelone
BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
blogs_sentinelone·2022-08-25·CVSS 10.0
[CRITICAL] BlueSky Ransomware | AD Lateral Movement, Evasion and Fast Encryption Put Threat on the Radar
BlueSky ransomware is an emerging threat that researchers have been paying increasing attention to since its initial discovery in late June 2022. The ransomware has been observed being spread via trojanized downloads from questionable websites as well as in phishing emails.
Although infections at this time remain low, the ransomware’s characteristics, described below, suggest it has been carefully developed for a sustained campaign. In this post, we cover the latest intelligence on BlueSky ransomware to help security teams defend against this developing threat.
## Emergence of BlueSky Ransomware
BlueSky was first noted on VirusTotal by researcher @Kangxiaopao in late June 2022. Subsequently, analysts from CloudSek and Unit42 have documented some of BlueSky’s behavior.
At present, BlueS
Unit42
BlueSky Ransomware: Fast Encryption via Multithreading
blogs_unit42·2022-08-10
BlueSky Ransomware: Fast Encryption via Multithreading
## Executive Summary
BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses.
Ransomware is a malicious program designed to encrypt a user’s data and demand a ransom for the decryption. BlueSky ransomware predominantly targets Windows hosts and utilizes multithreading to encrypt files on the host for faster encryption.
In our analysis, we found code fingerprints from samples of BlueSky ransomware that can be connected to the Conti ransomware group. In particular, the multithreaded architecture of BlueSky bears code similarities with Conti v3, and the network search module is an exact replica of it.
However, in another respect, BlueSky more closely resembles Babuk Ransomware. Both use ChaCha20, an algorithm for file encryption, along with C
Unit42
BlueSky Ransomware: Fast Encryption via Multithreading
blogs_unit42·2022-08-10
BlueSky Ransomware: Fast Encryption via Multithreading
Authors: Muhammad Umer Khan, Lee Wei, Yang Ji, Wenjun Hu · Published: August 10, 2022
Tenable
Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)
blogs_tenable·2022-08-09·CVSS 7.8
[HIGH] Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
blogs_tenable·2022-03-24
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Tenable
Examining the Treat Landscape
blogs_tenable·2021-10-29
Examining the Treat Landscape
Fortinet
Recent Attack Uses Vulnerability on Confluence Server | FortiGuard Labs
blogs_fortinet·2021-10-21·CVSS 9.8
CVE-2021-26084 [CRITICAL] Recent Attack Uses Vulnerability on Confluence Server | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
Recent Attack Uses Vulnerability on Confluence Server
By Cara Lin | October 21, 2021
FortiGuard Labs Threat Research Report
Affected platforms: Atlassian’s Confluence
Impacted parties: Confluence Server or Data Center instance
Impact: An OGNL injection vulnerability exists that would allow an unauthenticated user to execute arbitrary code
Severity level: Critical
Introduction of CVE-2021-26084
In August 2021, Atlassian published a security advisory about CVE-2021-26084 that could enable a threat actor to run arbitrary code on unpatched Confluence Server and Data Center instances. FortiGuard Labs analyzed the situation and published a Threat Signal with relevant information. After releasing the advisory, there occurred massive scanning and proof-of-concept
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a deep dive into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
Authors: Lei Xu, Yue Guan, Vaibhav Singhal · Published: April 12, 2021
Tenable
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
blogs_tenable·2021-03-10
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
Checkpoint
2nd November – Threat Intelligence Bulletin
blogs_checkpoint·2020-11-02
CVE-2020-17087 2nd November – Threat Intelligence Bulletin
## 2nd November – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 2nd November, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CISA, FBI and HHS have released a warning against an increase in Ryuk ransomware attacks on US hospitals. Check Point Research have shown that indeed, healthcare is currently the most targeted industry in the US, with a 71% increase in attacks compared to last month. Other regions have experienced an increase of 30%.
C
Securelist
IT threat evolution Q2 2020. PC statistics
blogs_securelist·2020-09-03
IT threat evolution Q2 2020. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on Apple macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Evgeny Lopatin
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Alexey Kulaev
- Alexander Kolesnikov
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2:
- Kaspersky solutions blocked 899,744,810 attacks launched from online resources in 191 countries across the globe.
- As many as 286,
Tenable
CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)
blogs_tenable·2020-07-14·CVSS 10.0
[CRITICAL] CVE-2020-1350: Wormable Remote Code Execution Vulnerability in Windows DNS Server Disclosed (SIGRed)
Krebs
Microsoft Patch Tuesday, June 2020 Edition
blogs_krebs·2020-06-15·CVSS 10.0
[CRITICAL] Microsoft Patch Tuesday, June 2020 Edition
Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely.
A chief concern among the panoply of patches is a trio of vulnerabilities in the Windows file-sharing technology (a.k.a. Microsoft Server Message Block or “SMB” service). Perhaps most troubling of these (CVE-2020-1301) is a remote code execution bug in SMB capabilities built into Windows 7 and Windows Server 2008 systems — both operating systems that Micros
Fortinet
FortiGuard Labs Discovers Privilege Escalation Vulnerability in Windows 10 Platform
blogs_fortinet·2020-06-11·CVSS 5.5
[MEDIUM] FortiGuard Labs Discovers Privilege Escalation Vulnerability in Windows 10 Platform
FORTIGUARD LABS THREAT RESEARCH
FortiGuard Labs Discovers Privilege Escalation Vulnerability in Windows 10 Platform
By Kushal Arvind Shah | June 11, 2020
FortiGuard Labs Threat Research Report
Affected platforms: Windows 10 & Windows Server 2019
Impacted parties: Windows 10 version 1809 + and Windows Server version 1903 +
Impact: Privilege Escalation & User-Privacy Settings Violation
Severity level: Important
This past January, I discovered and reported two Privilege Escalation Vulnerabilities related to User Privacy in the Microsoft Windows 10 platform. This Patch Tuesday (dated June 09, 2020), Microsoft released a security patch for one of these vulnerabilities. This vulnerability is identified as CVE-2020-1296. The root cause for this vulnerability is the lack of Privacy Settings
Tenable
SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1
blogs_tenable·2020-06-10·CVSS 7.5
[HIGH] SMBleed (CVE-2020-1206) and SMBLost (CVE-2020-1301) Vulnerabilities Affect Microsoft SMBv3 and SMBv1
Krebs
Microsoft Patch Tuesday, June 2020 Edition
blogs_krebs·2020-06-10·CVSS 10.0
[CRITICAL] Microsoft Patch Tuesday, June 2020 Edition
Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. None of the bugs addressed this month are known to have been exploited or detailed prior to today, but there are a few vulnerabilities that deserve special attention — particularly for enterprises and employees working remotely.
June marks the fourth month in a row that Microsoft has issued fixes to address more than 100 security flaws in its products. Eleven of the updates address problems Microsoft deems “critical,” meaning they could be exploited by malware or malcontents to seize complete, remote control over vulnerable systems without any help from users.
A chief concern amon
Tenable
Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
blogs_tenable·2020-06-09·CVSS 7.5
[HIGH] Microsoft’s June 2020 Patch Tuesday Addresses 129 CVEs Including Newly Disclosed SMBv3 Vulnerability (CVE-2020-1206)
Krebs
Microsoft Patch Tuesday, April 2020 Edition
blogs_krebs·2020-04-14·CVSS 10.0
CVE-2020-1020 [CRITICAL] Microsoft Patch Tuesday, April 2020 Edition
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.
Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks.
The Adobe Font Manager library is the source of yet another zero-day flaw — CVE-2020-0938 — although experts at security vendor Tenable say there is currently no confirmation that the two are related to the same set of in-the-wild at
Checkpoint
6th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-06·CVSS 8.8
CVE-2019-17026 [HIGH] 6th April – Threat Intelligence Bulletin
## 6th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 6th April 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
A new campaign of the Zeus Sphinx banker is targeting clients of US, Canadian and Australian banks using COVID-19 themed emails. Emails titled “COVID 19 relief” contain password-protected Word documents with malicious macros.
Check Point SandBlast, Anti-Bot and Anti-virus provide protection against this threat (Trojan-B
Fortinet
New Agent Tesla Variant Spreading by Phishing
blogs_fortinet·2020-04-01
New Agent Tesla Variant Spreading by Phishing
FORTIGUARD LABS THREAT RESEARCH
New Agent Tesla Variant Spreading by Phishing
By Xiaopeng Zhang and Chris Navarrete | April 01, 2020
FortiGuard Labs Threat Analysis Report
Affected platforms: Windows
Impacted parties: Windows users with saved credentials
Impact: Collecting device information and saved credentials
Severity level: High
Agent Tesla is a spyware, keylogger, and information stealer Trojan written in Microsoft’s .Net language (C#, VB .Net, etc). Agent Tesla has been observed in the world since 2014, and has been active ever since. Agent Tesla is also a commercial project, whose subscription license is sold on its official website.
Several days ago, FortiGuard Labs captured a phishing email with an attachment that is being used to spread a new version of Agent Tesla. Figure
Fortinet
Offense and Defense – A Tale of Two Sides: Bypass UAC | FortiGuard Labs
blogs_fortinet·2020-04-01
Offense and Defense – A Tale of Two Sides: Bypass UAC | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
Offense and Defense – A Tale of Two Sides: Bypass UAC
By Anthony Giandomenico | April 01, 2020
FortiGuard Labs Threat Analysis Report
This is the 2nd installment of the “Offense and Defense – A Tale of Two Sides” blog series, where we focus on different tactics and techniques malicious actors use to complete their cyber missions—and how organizations can detect and ultimately prevent them. You can check out the blog series at Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts, Offense and Defense – A Tale of Two Sides: PowerShell, and Offense and Defense – A Tale of Two Sides: OS Credential Dumping.
Introduction
In this month’s “Offense and Defense – A Tale of Two Sides” blog, we will be walking through a new technique in sequence
Fortinet
Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
blogs_fortinet·2020-03-23·CVSS 9.8
[CRITICAL] Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
FORTIGUARD LABS THREAT RESEARCH
Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
By Kushal Arvind Shah | March 23, 2020
FortiGuard Labs Vulnerability Update
Affected platforms: Adobe Photoshop CC 2020 running on Windows 10 and Windows 7 OS
Impacted parties: Users of Adobe Photoshop CC 2020 versions 21.1 and earlier
Impact: Multiple vulnerabilities enable the remote execution of arbitrary code
Severity level: High
This past January, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. This past Tuesday (Mar 17, 2020), Adobe released several out-of-band security patches that addressed those vulnerabilities. They are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-37
Qualys
Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR | Qualys
blogs_qualys·2020-03-16·CVSS 10.0
CVE-2020-0796 [CRITICAL] Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR | Qualys
This month’s Patch Tuesday, Microsoft disclosed a critical “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. The exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.
Qualys released a blog post earlier on how to identify SMBv3 vulnerability in your environment:
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
Here we describe how to resolve it with Qualys VMDR®.
### Identify Assets, Discover, Prioritize and Remediate using Qualys VMDR®
Qualys VMDR, all-in-one vulnerability management, detection and response enables:
- Identification of known and unknown hosts running vulnerable SMBv3 servers and clients
- Automatic det
Checkpoint
16th March – Threat Intelligence Bulletin
blogs_checkpoint·2020-03-16
CVE-2020-0796 16th March – Threat Intelligence Bulletin
## 16th March – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 16th March 2020, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
A campaign leveraging the COVID-19 pandemic to target the Mongolian government and public sector has been detected by Check Point Research. The campaign, attributed to a China-linked APT group, used spear-phishing and coronavirus-themed documents to install a custom remote-access Trojan.
Check Point SandBlast Agent pr
Tenable
Media Alert: Tenable Releases Plugins for EternalDarkness
blogs_tenable·2020-03-13·CVSS 10.0
CVE-2020-0796 [CRITICAL] Media Alert: Tenable Releases Plugins for EternalDarkness
## Media Alert: Tenable Releases Plugins for EternalDarkness
March 13, 2020 · Columbia, MD
Tenable®, Inc. , the Cyber Exposure company, has released plugins for EternalDarkness (CVE-2020-0796), a “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3). The flaw would grant attackers arbitrary code execution in both SMB Server and SMB Client.
Details about the flaw were mistakenly disclosed earlier this week in a security vendor’s Microsoft Patch Tuesday blog post. Microsoft subsequently acknowledged the vulnerability publicly and published an advisory for it.
“This vulnerability is unique in a few ways, most notably the accidental disclosure and out-of-band patch. Microsoft rarely releases patches outside of its normal patch cycle, so this u
Fortinet
CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server | FortiGuard Labs
blogs_fortinet·2020-03-12·CVSS 8.8
CVE-2020-0796 [HIGH] CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
CVE-2020-0796 Memory Corruption Vulnerability in Windows 10 SMB Server
By Yijie Wang | March 12, 2020
FortiGuard Labs Threat Analysis Report
Affected platforms: Windows 10
Impacted parties: All Windows users
Impact: An unauthenticated attacker can exploit this wormable vulnerability to cause memory corruption, which may lead to remote code execution.
Severity level: High
Solution: All Windows 10 users are urged to apply the patch for CVE-2020-0796
Introduction
Microsoft recently released a patch for CVE-2020-0796, a critical SMB server vulnerability that affects Windows 10. An unauthenticated attacker can exploit this vulnerability to cause memory corruption, which may lead to remote code execution.
This SMB vulnerability also has the potential to
Trendmicro
Patch Tuesday: LNK, Microsoft Word, SMBv3 Gets Patched
blogs_trendmicro·2020-03-11·CVSS 8.8
[HIGH] Patch Tuesday: LNK, Microsoft Word, SMBv3 Gets Patched
Exploits & Vulnerabilities
## Patch Tuesday: LNK, Microsoft Word, SMBv3 Gets Patched
March Patch Tuesday tackles a total of 115 vulnerabilities. 26 were identified as Critical, 88 deemed Important, and one was classified as Moderate. None of this month’s listed vulnerabilities were exploited in the wild before being patched.
By: Trend Micro, 2020/03/11
Updated on March 12, 2020, 10:30 P.M. Eastern time with information about the SMBv3 vulnerability.
Following the unexpectedly long list of fixes included in last month ’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead to remote code execution (RCE). 88 were classified as Important
Qualys
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
blogs_qualys·2020-03-11·CVSS 10.0
CVE-2020-0796 [CRITICAL] Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
## Table of Contents
- The Vulnerability
- Affected Operating Systems
- Exploits/PoC
- Detecting CVE-2020-0796 with Qualys VM
- Detection Dashboard
This month’s Patch Tuesday , Microsoft disclosed a remote code execution vulnerability in SMB 3.1.1 (v3) protocol. Even though initial release of the Patch Tuesday did not mention this vulnerability, details of the issue (CVE-2020-0796) were published accidentally on another security vendor’s blog. Microsoft published security advisory ADV200005 and technical guidance soon after the accidental disclosure of the vulnerability.
UPDATE March 12, 2020 : Microsoft updated ADV200005 to include CVE-2020-0796 and released patches for affected Windows systems.
## The Vulnerability
A critical remote code execution vulnerability exists in the way that the
Zscaler
Microsoft Remote Code Execution vulnerability | blog
blogs_zscaler·2020-03-11·CVSS 10.0
[CRITICAL] Microsoft Remote Code Execution vulnerability | blog
Unit42
Threat Brief: Microsoft SMBv3 Wormable Vulnerability CVE-2020-0796
blogs_unit42·2020-03-11·CVSS 10.0
CVE-2020-0796 [CRITICAL] Threat Brief: Microsoft SMBv3 Wormable Vulnerability CVE-2020-0796
By Mike Harbison and Brandon Young · Published: March 11, 2020
## Executive Summary
In March 2020 Microsoft released a security advisory, ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression, for a new remote code execution (RCE) vulnerability. Shortly after this advisory was released, Microsoft issued an out-of-band patch to protect affected users from CVE-2020-0796. An out-of-band patch is typically released outside of the expected update period for a vendor. In this particular case, Microsoft is known to release updates on Patch Tuesday, which was two days prior to this out-of-band update.
This vulnerability exists within Microsoft Server Message Block 3.1.1 (SMBv3), specifically in the handling of malformed compression headers. Compression is a capability that SMBv3 clients and servers negotiate through a context in the NEGOTIATE request, added in May 2019. For success
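The brief above ties the flaw to the compression capability that SMB 3.1.1 peers negotiate through a negotiate context. The following is an added example, not Unit42's, Microsoft's or any vendor's code, of what an exposure check keys on: build a NEGOTIATE request that offers only dialect 3.1.1 plus a compression context listing LZNT1, parse the reply, and report whether the server negotiated 3.1.1 with a compression algorithm other than NONE. Field layouts and constants follow MS-SMB2; `sample_response` is constructed test data rather than a capture, and `probe` needs network reach to a host you are authorized to test.

```python
"""Exposure check for CVE-2020-0796: negotiate SMB 3.1.1 and see whether the peer offers compression."""
import socket
import struct
import uuid

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
DIALECT_311 = 0x0311
CTX_PREAUTH_INTEGRITY = 0x0001  # mandatory in every 3.1.1 negotiate
CTX_COMPRESSION = 0x0003        # SMB2_COMPRESSION_CAPABILITIES
HASH_SHA512 = 0x0001
ALG_NONE, ALG_LZNT1 = 0x0000, 0x0001


def _context(ctx_type, data):
    # SMB2_NEGOTIATE_CONTEXT: ContextType, DataLength, Reserved, Data (entries are 8-aligned)
    return struct.pack("<HHI", ctx_type, len(data), 0) + data


def build_negotiate_request(client_guid=None):
    """NEGOTIATE offering only dialect 3.1.1, with a compression context that lists LZNT1."""
    client_guid = client_guid or uuid.uuid4().bytes
    dialects = (DIALECT_311,)
    ctx_offset = 64 + 36 + 2 * len(dialects)      # measured from the start of the 64-byte SMB2 header
    ctx_offset += -ctx_offset % 8                 # context list begins on an 8-byte boundary
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, SMB2_NEGOTIATE,
                                      1, 0, 0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHHHI16sIHH", 36, len(dialects), 1, 0, 0, client_guid, ctx_offset, 2, 0)
    body += struct.pack("<%dH" % len(dialects), *dialects)
    preauth = struct.pack("<HHH", 1, 32, HASH_SHA512) + b"\x00" * 32   # zero salt: probe only
    compression = struct.pack("<HHI", 1, 0, 0) + struct.pack("<H", ALG_LZNT1)
    msg = header + body
    msg += b"\x00" * (ctx_offset - len(msg))
    first = _context(CTX_PREAUTH_INTEGRITY, preauth)
    return msg + first + b"\x00" * (-len(first) % 8) + _context(CTX_COMPRESSION, compression)


def parse_negotiate_response(msg):
    """(dialect, {context_type: data}) from a raw NEGOTIATE response, NetBIOS header stripped."""
    if len(msg) < 128 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", msg, 8)
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError("unexpected command %#x / status %#x" % (command, status))
    dialect, ctx_count = struct.unpack_from("<HH", msg, 64 + 4)
    ctx_offset, = struct.unpack_from("<I", msg, 64 + 60)
    contexts = {}
    if dialect != DIALECT_311:               # context fields are reserved below 3.1.1
        return dialect, contexts
    if not 128 <= ctx_offset <= len(msg):
        raise ValueError("bad NegotiateContextOffset %d" % ctx_offset)
    pos = ctx_offset
    for _ in range(ctx_count):
        if pos + 8 > len(msg):
            raise ValueError("truncated negotiate context list")
        ctx_type, data_len = struct.unpack_from("<HH", msg, pos)
        data = msg[pos + 8:pos + 8 + data_len]
        if len(data) != data_len:
            raise ValueError("negotiate context runs past end of message")
        contexts[ctx_type] = data
        pos += 8 + data_len
        pos += -pos % 8
    return dialect, contexts


def compression_algorithms(contexts):
    """Algorithms listed in the server's compression context (count, padding, flags, list)."""
    data = contexts.get(CTX_COMPRESSION)
    if data is None:
        return []
    if len(data) < 8:
        raise ValueError("short compression context")
    count, = struct.unpack_from("<H", data, 0)
    if 8 + 2 * count > len(data):
        raise ValueError("compression algorithm list truncated")
    return list(struct.unpack_from("<%dH" % count, data, 8))


def advertises_compression(dialect, contexts):
    """True when 3.1.1 was negotiated and a real algorithm is offered. A server with compression
    disabled still answers the context, but with the single algorithm NONE."""
    return dialect == DIALECT_311 and any(a != ALG_NONE for a in compression_algorithms(contexts))


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during negotiate")
        buf += chunk
    return buf


def probe(host, port=445, timeout=5.0):
    """Connect, negotiate, and report whether the 3.1.1 compression path is reachable."""
    req = build_negotiate_request()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(struct.pack(">I", len(req)) + req)            # NetBIOS session framing
        length = struct.unpack(">I", _recv_exact(sock, 4))[0] & 0x00FFFFFF
        return advertises_compression(*parse_negotiate_response(_recv_exact(sock, length)))


def sample_response(algorithms):
    """Constructed NEGOTIATE response (not a capture): dialect 3.1.1, empty security buffer,
    one compression context listing `algorithms`, placed right after the 64-byte body."""
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, SMB2_NEGOTIATE,
                                      1, 1, 0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, DIALECT_311, 1, b"\x11" * 16, 0,
                       0x800000, 0x800000, 0x800000, 0, 0, 128, 0, 128)
    comp = struct.pack("<HHI", len(algorithms), 0, 0) + struct.pack("<%dH" % len(algorithms), *algorithms)
    return header + body + _context(CTX_COMPRESSION, comp)
```

A server that lists LZNT1 here has its compression code path reachable by an unauthenticated client, which is a necessary condition for CVE-2020-0796 but not proof of it: a patched host still negotiates compression. Treat a positive result as "confirm the March 12, 2020 out-of-band update is installed", and a reply listing only NONE (or a dialect below 3.1.1) as evidence that the ADV200005 workaround, the DisableCompression value under LanmanServer\Parameters, or an older SMB configuration is in effect.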
Qualys
March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches | Qualys
blogs_qualys·2020-03-10·CVSS 8.8
[HIGH] March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches | Qualys
This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, 2 are for GDI+ and the remaining 3 are for LNK files, Microsoft Word and Dynamics Business. Microsoft also issued a patch for an RCE in Microsoft Word. Adobe has not posted any patches for Patch Tuesday.
On the basis of volume and severity this Patch Tuesday is heavy in weight.
See details of the new detections, including description, consequence and solution.
### Workstation Patches
The Scripting Engine, LNK files (CVE-2020-0684), GDI+(CVE-2020-0831, CVE-2020-0883) and Media Foundation (CVE-2020-0801, CVE-2020-0809, CVE-2020-0807, CVE-2020-0869) patches should be prioritized for workstati
Talos
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-03-10·CVSS 8.8
CVE-2020-0796 [HIGH] Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura.
Update (March 12, 2020): Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability in the SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428 protect against exploitation of CVE-2020-0796.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 117 vulnerabilities, 25 of which are considered critical. There is also one moderate vulnerability and 91 that are considered important.
This month's patches include updates to Microsoft Media Foundation, the GDI+ API and Windows Defender, among others.
Talos released a new
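The Unit42 and Fortinet excerpts describe the flaw as memory corruption triggered by malformed compression headers, and Talos points at Snort rules 53425 - 53428 for network coverage. The following is an added example, not Talos rule content or any vendor's code: a validator for the SMB2 COMPRESSION_TRANSFORM_HEADER that rejects a compressed message whose declared sizes cannot describe a real frame, run over a few constructed samples (the payload bytes are placeholders, not real LZNT1 streams). The header layout and constants are from MS-SMB2; the particular bounds enforced are an assumption about what a hardened receiver should check before it reserves memory or decompresses anything.

```python
"""Sanity checks on the SMB2 COMPRESSION_TRANSFORM_HEADER, run over constructed frames."""
import struct

TRANSFORM_MAGIC = b"\xfcSMB"           # 0xFC 'S' 'M' 'B': a compressed SMB2 message
HEADER_LEN = 16
FLAG_CHAINED = 0x0001
ALG_NONE, ALG_LZNT1, ALG_LZ77, ALG_LZ77_HUFFMAN = 0x0000, 0x0001, 0x0002, 0x0003
NETBIOS_MAX = 0x00FFFFFF               # a session message cannot exceed a 24-bit length


class MalformedTransform(ValueError):
    """Raised when the header's declared sizes cannot describe a real message."""


def validate_transform_header(frame):
    """Check an unchained compressed message before any decompression is attempted.

    Layout (MS-SMB2 2.2.42): ProtocolId(4) OriginalCompressedSegmentSize(4)
    CompressionAlgorithm(2) Flags(2) Offset(4), then Offset raw bytes, then compressed data.
    Returns the pieces a receiver needs; raises MalformedTransform otherwise."""
    if len(frame) < HEADER_LEN:
        raise MalformedTransform("frame shorter than transform header")
    magic, orig_size, algorithm, flags, offset = struct.unpack_from("<4sIHHI", frame, 0)
    if magic != TRANSFORM_MAGIC:
        raise MalformedTransform("bad ProtocolId")
    if flags & FLAG_CHAINED:
        raise MalformedTransform("chained form not handled by this validator")
    if algorithm not in (ALG_LZNT1, ALG_LZ77, ALG_LZ77_HUFFMAN):
        raise MalformedTransform("unknown or NONE algorithm %#x" % algorithm)
    # The receiver must reserve Offset + OriginalCompressedSegmentSize bytes for the
    # reconstructed message. Compute the sum in Python ints and reject anything that would
    # not fit a 32-bit length: a wrapped sum undersizes that buffer.
    total = offset + orig_size
    if total > 0xFFFFFFFF:
        raise MalformedTransform("Offset + OriginalCompressedSegmentSize wraps 32 bits")
    if total > NETBIOS_MAX or orig_size == 0:
        raise MalformedTransform("implausible reconstructed size %d" % total)
    payload_len = len(frame) - HEADER_LEN
    if offset > payload_len:
        raise MalformedTransform("Offset (%d) exceeds payload (%d)" % (offset, payload_len))
    if payload_len - offset == 0:
        raise MalformedTransform("no compressed data after raw prefix")
    return {
        "algorithm": algorithm,
        "raw_prefix": frame[HEADER_LEN:HEADER_LEN + offset],
        "compressed": frame[HEADER_LEN + offset:],
        "expected_size": total,        # hard cap for the reconstructed message
    }


def is_well_formed(frame):
    try:
        validate_transform_header(frame)
        return True
    except MalformedTransform:
        return False


def make_frame(orig_size, algorithm, offset_field, payload):
    """Build a transform message from explicit field values (constructed test data)."""
    return struct.pack("<4sIHHI", TRANSFORM_MAGIC, orig_size, algorithm, 0, offset_field) + payload


# Constructed samples: payload bytes are placeholders, not real LZNT1 streams.
RAW_PREFIX = b"\xfeSMB" + b"\x00" * 60           # a 64-byte SMB2 header left uncompressed
SAMPLES = {
    "benign": make_frame(200, ALG_LZNT1, 64, RAW_PREFIX + b"\xaa" * 40),
    "wraps_32bit": make_frame(0xFFFFFFF0, ALG_LZNT1, 0x20, b"\x00" * 0x20 + b"\xaa" * 8),
    "offset_past_end": make_frame(200, ALG_LZNT1, 4096, RAW_PREFIX),
    "none_algorithm": make_frame(200, ALG_NONE, 64, RAW_PREFIX + b"\xaa" * 40),
}


def scan_samples():
    """Verdict per sample, the way a detection rule would triage the first 16 bytes of a frame."""
    return {name: is_well_formed(frame) for name, frame in SAMPLES.items()}
```

A real receiver follows this by reserving exactly `expected_size` bytes, copying the raw prefix, and failing closed if decompressing the remainder would produce more than `orig_size` bytes. A network rule for this class of malformation keys on the same three fields (algorithm, Offset, OriginalCompressedSegmentSize) in the first 16 bytes of a 0xFC-prefixed message on TCP/445.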
Tenable
CVE-2020-0796: "Wormable" Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)
blogs_tenable·2020-03-10·CVSS 10.0
[CRITICAL] CVE-2020-0796: "Wormable" Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3 (ADV200005)
Fortinet
Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
blogs_fortinet·2020-01-15·CVSS 8.1
CVE-2020-0601 [HIGH] Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
FORTIGUARD LABS THREAT RESEARCH
Addressing Microsoft’s January 2020 Security Update for CVE-2020-0601
By FortiGuard SE Team | January 15, 2020
Microsoft’s Security Updates for January 2020 (commonly known as Patch Tuesday) were released to the public on January 14. On Monday there were rumblings across the Twittersphere that a high profile vulnerability would be addressed in today’s Patch Tuesday update. And in their cumulative update, Microsoft addressed 50 CVEs, along with one notable vulnerability – CVE-2020-0601 (CryptoAPI Spoofing Vulnerability).
CVE-2020-0601 Details
First discovered by The US National Security Agency (NSA) and disclosed to Microsoft, CVE-2020-0601 is a spoofing vulnerability which exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptog
Fortinet
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
blogs_fortinet·2018-12-16·CVSS 7.8
CVE-2018-8587 [HIGH] A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
FORTIGUARD LABS THREAT RESEARCH
A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587
By Yonghui Han | December 16, 2018
FortiGuard Labs Threat Analysis Report
Earlier this year, Fortinet's FortiGuard Labs researcher Yonghui Han reported a Heap Corruption vulnerability in Office Outlook to Microsoft by following Fortinet’s responsible disclosure process. On Patch Tuesday of December 2018, Microsoft announced that they had fixed this vulnerability, released a corresponding advisory, and assigned it the vulnerability identifier CVE-2018-8587.
Microsoft Outlook is one of the components of the Microsoft Office suite that is widely used to send and receive emails, manage contacts, record and track schedules, and perform other tasks. The Heap Corruption vulnerability was fou
Fortinet
An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
blogs_fortinet·2018-10-19·CVSS 7.5
CVE-2018-8467 [HIGH] An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
FORTIGUARD LABS THREAT RESEARCH
An Analysis of Microsoft Edge Chakra JavascriptArray TypeId Handling Memory Corruption (CVE-2018-8467)
By Dehui Yin | October 19, 2018
The JavaScript type confusion bug is a critical class of vulnerability that exists in many popular browsers. It causes memory corruption and can possibly be exploited to execute arbitrary code when a vulnerable system browses a malicious web page. A growing number of these type confusion bugs in the Microsoft Chakra engine have been disclosed and fixed by Microsoft over the past few months.
CVE-2018-8467 is one of the classic ‘Type Confusion’ bugs in the Microsoft Edge Chakra Engine that was fixed by Microsoft several weeks ago. In this post, the team at FortiGuard Labs looks deeply into the Microsoft Edge Chakra Engine assembly codes
Fortinet
WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server
blogs_fortinet·2017-06-14
WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server
FORTIGUARD LABS THREAT RESEARCH
WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server
By Honggang Ren | June 14, 2017
Summary
In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft is recommending that users replace WINS with DNS.
This vulnerability affects Windows Server 2008, 2012, and 2016.
Fortinet
iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
blogs_fortinet·2017-03-23·CVSS 8.1
CVE-2017-0104 [HIGH] iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
FORTIGUARD LABS THREAT RESEARCH
iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
By Honggang Ren | March 23, 2017
Summary
In November 2016, as part of my FortiGuard research work, I discovered and reported an iSNS server memory corruption vulnerability in Microsoft Windows Server. On Patch Tuesday of March 2017, Microsoft released Security Bulletin MS17-012, which contains the fix for this vulnerability and identifies it as CVE-2017-0104.
This vulnerability could lead to remote code execution, and is rated as critical by Microsoft. The vulnerability affects Windows Server 2008, 2012, and 2016 versions. Microsoft recommends installing this update immediately.
In this blog I will share the details of this vulnerability.
How to Reproduce
To reproduce the vulne
Fortinet
One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit | FortiGuard Labs
blogs_fortinet·2015-02-10·CVSS 7.2
CVE-2015-0057 [HIGH] One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
One Bit To Rule Them All: Bypassing Windows 10 Protections Using a Single Bit
By Udi Yavo | February 10, 2015
Threat Analysis: This blog originally appeared on the enSilo website and is republished here for threat research purposes. enSilo was acquired by Fortinet in October 2019.
Introduction
Today (Feb 10, 2015) Microsoft released their latest Patch Tuesday. This patch includes a fix for vulnerability CVE-2015-0057, an IMPORTANT-rated exploitable Windows vulnerability which we responsibly disclosed to Microsoft a few months ago. (enSilo researchers - now a part of FortiGuard Labs - often discover new vulnerabilities in our continuing work towards maintaining complete endpoint security.)
As part of our research, we revealed this privilege escalation vu
Recorded Future
Q3 Malware Trends: Ransomware Extorts Education, Emotet and Crypto Mining Malware Evolve, and Android Malware Persists
blogs_recorded_future
Q3 Malware Trends: Ransomware Extorts Education, Emotet and Crypto Mining Malware Evolve, and Android Malware Persists
## Q3 Malware Trends: Ransomware Extorts Education, Emotet and Crypto Mining Malware Evolve, and Android Malware Persists
_This report is an extension of analysis Recorded Future released, which outlined the trends in malware use, distribution, and development throughout Q1 and Q2 2020. Insikt Group used the Recorded Future® Platform to look at mainstream news, security vendor reporting, technical reporting around malware, vulnerabilities, and security breaches, and dark web and underground forums from July 1 to September 30, 2020, to examine major trends in malware impacting desktop systems and mobile devices. The trends outlined below illustrate the tactics, techniques, and procedures (TTPs) that had a major impact on technology. This report will assist threat hunters and security opera
Recorded Future
Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
blogs_recorded_future
Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
## Top Exploited Vulnerabilities in 2020 Affect Citrix, Microsoft Products
This analysis focuses on ransomware, exploit kit, phishing attack, or remote access trojan co-occurrences with vulnerabilities from January 1 to December 31, 2020. We analyzed thousands of sources, including code repositories, underground forum postings, and dark web sites. This is a follow-up to our 2019 report, and the intended audience includes information security practitioners, especially those supporting vulnerability risk assessments.
## Executive Summary
This report highlights the top, most weaponized vulnerabilities in 2020 based on exploitation across all industries and associations with multiple types of malware. For the first time since this report’s inception in 2015, no vulnerabilities in Adobe pro
Zscaler
Zscaler found New Security Vulnerabilities | 10-03-2020
blogs_zscaler·CVSS 10.0
[CRITICAL] Zscaler found New Security Vulnerabilities | 10-03-2020
arXiv
Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach
arxiv_fulltext·2025-07-17
Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach
## Abstract
This paper presents a comprehensive analysis of T-Mobile’s critical data breaches in 2021 and 2023, alongside a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints. By combining case-based vulnerability assessments with active ethical hacking techniques—including Shodan reconnaissance, API misuse simulations, VNC brute-forcing, firmware reverse engineering, and web application scans—we uncover structural weaknesses persisting beyond the initial breach events. Building on these findings, we propose a multi-layered defensive strategy encompassing Zero Trust Architecture, granular role-based access control, network segmentation, firmware encryption using AES with integrity checks, and API rate limiting and token lifecycle control. Fi
arXiv
On managing vulnerabilities in AI/ML systems
arxiv_fulltext·2021-01-22
On managing vulnerabilities in AI/ML systems
On managing vulnerabilities in AI/ML systems
Jonathan M. Spring (jspring AT sei dot cmu dot edu, ORCID 0000-0001-9356-219X), CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
April Galyardt, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Allen D. Householder (ORCID 0000-0001-8970-4108), CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Nathan VanHoudnos, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
## Abstract
This paper explores how the current paradigm of vulnerability management might adapt to include machine learning systems through a thought experiment: what if flaws in ML were assigned CVE-IDs?
We consider both ML algorithms a
References
- http://packetstormsecurity.com/files/156731/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/156732/Microsoft-Windows-SMB-3.1.1-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156980/Microsoft-Windows-10-SMB-3.1.1-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157110/SMBv3-Compression-Buffer-Overflow.html
- http://packetstormsecurity.com/files/157901/Microsoft-Windows-SMBGhost-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158054/SMBleed-SMBGhost-Pre-Authentication-Remote-Code-Execution-Proof-Of-Concept.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0796
Timeline
- 2020-03-12: Published
- 2022-02-10: Added to CISA KEV
- Exploited in the wild