CVE-2020-1380
Published 2020-08-17
Priority: P184 · high · CVSS 3.1: 8.8
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-05-03
Exploited in the wild (ITW)
EPSS: 24.19% (97.6th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | >= 1.0.0 < publication | publication |
| msrc | internet_explorer_11 | — | — |
CVSS provenance
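| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_msrc | — | 7.5 | HIGH | — |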
GHSA
GHSA-vvf5-mpj5-q4jf
ghsa_unreviewed·2022-05-24·CVSS 8.8 · CVE-2020-1380 [HIGH] · CWE-119
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1555, CVE-2020-1570.
GHSA
GHSA-424x-wf7g-f967
ghsa_unreviewed·2022-05-24·CVSS 7.8 · CVE-2020-1555 [HIGH] · CWE-119
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1570.
GHSA
GHSA-p546-hw2g-2622
ghsa_unreviewed·2022-05-24·CVSS 7.8 · CVE-2020-1570 [HIGH] · CWE-119
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1380, CVE-2020-1555.
VulnCheck
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
vulncheck·2020·CVSS 7.8 · CVE-2020-1380 [HIGH] · CWE-787
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2020-Aug; https://cisa.gov/news-events/alerts/2020/08/11/microsoft-addresses-rce-and-spoofing-vulnerabilities-under-active; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/; https://securelist.com/apt-trends-report-q2-2021/103517/; https://threatpost.com/inkysquid-exploiting-ie-bugs/168833
Project0
Project Zero RCA: CVE-2020-0986: Windows splwow64 Untrusted Pointer Dereference
project_zero·CVSS 7.8 · CVE-2020-0986 [HIGH]
# CVE-2020-0986: Windows splwow64 Untrusted Pointer Dereference
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-09-02)*
## The Basics
**Disclosure or Patch Date:**
* 19 May 2020 (ZDI Disclosure)
* 9 June 2020 (Microsoft Advisory/Patch)
* 12 Aug 2020 (Kaspersky blog post about in-the-wild exploitation)
**Product:** Microsoft Windows
**Advisory:**
* ZDI: https://www.zerodayinitiative.com/advisories/ZDI-20-663/
* Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0986
* Kaspersky: https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
**Affected Versions:** For Windows 10 1909/1903, [KB4556799](https://support.microsoft.com/en-us/help/4556799/windows-10-u
Project0
Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
project_zero·CVSS 7.8 · CVE-2020-1380 [HIGH]
# CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
*Maddie Stone & Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-24)*
## The Basics
**Disclosure or Patch Date:** 11 August 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
**Affected Versions:** For Windows 10 2004, [KB4565503](https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503) and previous
**First Patched Version:** For Windows 10 2004, [KB4566782](https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Boris Larin (
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 8.8 · CVE-2020-1380 [HIGH] · CWE-787
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1380
Remediation Due Date: 2022-05-03
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2020-08-11·CVSS 7.5 · CVE-2020-1380 [HIGH]
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Volexity
North Korean APT InkySquid Infects Victims Using Browser Exploits
blogs_volexity·2021-08-17·CVSS 7.8 [HIGH] · Threat Intelligence
## North Korean APT InkySquid Infects Victims Using Browser Exploits
August 17, 2021
Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Tom Lancaster
Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious code on the Daily NK website was observed from at least late March 2021 until early June 2021.
This post provides details on the different exploits used in the SWC, as well as the payload used, which Volexity calls BLUELIGHT. Volexity attributes the activity described in this post to a threat actor Volexity refers to as InkySquid, which broadly corresponds to activity known publicly under the monikers
Tenable
One Year Later: What Can We Learn from Zerologon?
blogs_tenable·2021-08-11
Trendmicro
Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
blogs_trendmicro·2021-08-09·CVSS 7.8 [HIGH] · Cyber Threats
## Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
We found a new social engineering-based malvertising campaign targeting Japan that delivered a malicious application. The malicious application abused sideloading vulnerabilities to load and start the Cinobi banking trojan.
By: Joseph C Chen, Aug 09, 2021
In a previous blog entry, we reported on a campaign, which we labelled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included newer Internet Explorer exploits CVE-2020-1380 and CVE-2021-26411 and was used for ma
Securelist
APT trends report Q2 2021
blogs_securelist·2021-07-29
Authors: GReAT
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, focusing on activities that we observed during Q2 2021.
Readers who would like to learn
Securelist
Kaspersky Security Bulletin 2020-2021. EU statistics
blogs_securelist·2021-05-26
Authors: Kaspersky
All statistics in this report are from the global cloud service Kaspersky Security Network (KSN), which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe assist us in this endeavor to collect information about malicious activity. The statistics in this report cover the period from May 2020 to April 2021, inclusive.
## Main figures
- 70% of Internet user computers in the EU experienced at least
Securelist
IT threat evolution Q3 2020. Non-mobile statistics
blogs_securelist·2020-11-20
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Oleg Kupreev
- Evgeny Lopatin
- Alexey Kulaev
- Alexander Kolesnikov
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q3:
- Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe.
- 456,573,467 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempts to run malware for stealing
Trendmicro
This Week in Security News
blogs_trendmicro·2020-11-19·CVSS 7.8 [HIGH]
# This Week in Security News - November 19
Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut and Trend Micro Announces Free Web-Based Tool
By: Jon Clay
2020/11/19
Read on:
Attackers Are Using the Cloud, Too. Here’s What You Need to Know.
In a sample dataset of 1,000 logs, Trend Micro identified a total of 67,712 URLs for compromised accounts. Access to these so called “Cloud of Logs” can be purchased for a monthly fee between $350-$1,000 and can include thousands or millions of emails and passwords to popular sites like Google, Amazon, Twitter, Facebook and PayPal.
Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut
Cybercriminals are embracing cloud-based services and technologies in order to accelerate their attac
Trendmicro
CVE-2020-17053: Use-After-Free IE Vulnerability
blogs_trendmicro·2020-11-17·CVSS 7.8 · CVE-2020-17053 [HIGH] · Exploits & Vulnerabilities
## CVE-2020-17053: Use-After-Free IE Vulnerability
We analyze how CVE-2020-17053 was found and how it works.
By: Elliot Cao, Nov 17, 2020
In my previous blog titled CVE-2020-1380: Analysis of Recently Fixed IE Zero-Day, I discussed how that vulnerability was caused by a type inference error in the browser’s JIT engine, which can be exploited by neutering ArrayBuffer and resulted in a use-after-free (UAF) vulnerability. While analyzing the root cause of this vulnerability, I found another path to trigger a similar UAF vulnerability by neutering ArrayBuffer — but this time, without the need for the JIT engine. This bug was submitted to Microsoft in September via the Zero-Day Initiative and fixed in November’s Patch Tuesday as
Securelist
APT trends report Q3 2020
blogs_securelist·2020-11-03
Authors: GReAT
For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, focusing on activities that we observed during Q3 2020.
Readers who
Trendmicro
CVE-2020-1380 Analysis of Recently Fixed IE Zero-Day
blogs_trendmicro·2020-08-24·CVSS 7.8
CVE-2020-1380 [HIGH] CVE-2020-1380 Analysis of Recently Fixed IE Zero-Day
Exploits & Vulnerabilities
# CVE-2020-1380: Analysis of Recently Fixed IE Zero-Day
As part of August’s Patch Tuesday, Microsoft patched one zero-day vulnerability that targeted Internet Explorer 11, specifically CVE-2020-1380. It is a use-after-free bug in Internet Explorer's JavaScript engine, jscript9.dll.
By: Elliot Cao
2020/08/24
As part of August’s Patch Tuesday, Microsoft patched one zero-day vulnerability that targeted Internet Explorer 11, specifically CVE-2020-1380. It is a use-after-free (UAF) bug in Internet Explorer's JavaScript engine, jscript9.dll. Over the past few years, we’ve observed that zero-day attacks against Internet Explorer usually exploit vbscript.dll and jscript.dll to run shellcode. This time, the target changed to jscript
Checkpoint
17th August – Threat Intelligence Bulletin
blogs_checkpoint·2020-08-17
CVE-2020-1380 17th August – Threat Intelligence Bulletin
## 17th August – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 17th August 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The SANS information security training institute has suffered a data breach comprised of 27,000 records of PII (Personally Identifiable Information) which were forwarded to an external email address. SANS traced the source of the attack to a phishing email.
The city of Lafayette Colorado has fallen victim to a ranso
Securelist
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
blogs_securelist·2020-08-12·CVSS 7.5
[HIGH] Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Authors
- Boris Larin
## Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11 and Windows 10 build 18363 x64.
On June 8, 2020, we reported our discoveries to Microsoft, and the company confirmed the vulnerabilities. At the time of our report, the security team at Mi
Trendmicro
Patch Tuesday: Fixes for Important Vulnerabilities
blogs_trendmicro·2020-08-11·CVSS 7.8
[HIGH] Patch Tuesday: Fixes for Important Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Important Vulnerabilities
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. ZDI disclosed 11 flaws, five of which are rated critical bugs.
By: Trend Micro Aug 11, 2020
Update on 19/08/2020 09:55AM PHT: Added rules for Trend Micro Deep Security.
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. CVE-2020-1380 is a critical Internet Explorer (IE) vulnerability that can be abused for remote code execution (RCE), while CVE-2020-1464 is a Windows 10 security gap that can be used
Krebs
Microsoft Patch Tuesday, August 2020 Edition
blogs_krebs·2020-08-11·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, August 2020 Edition
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up!
At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users. This is the sixth month in a row Microsoft has shipped fixes for more than 100 flaws in its products.
The most concerning of these appears to be CVE-2020-1380, which is a weakness in Internet Explorer that could result in system compromise just
Talos
Microsoft Patch Tuesday for Aug. 2020 — Snort rules and prominent vulnerabilities
blogs_talos·2020-08-11·CVSS 5.5
CVE-2020-1472 [MEDIUM] Microsoft Patch Tuesday for Aug. 2020 — Snort rules and prominent vulnerabilities
By Jon Munshaw.
UPDATE: Additional rules to cover CVE-2020-1472 were published in our recent rule release. Please enable rules 55703 and 55704 for additional coverage.
Microsoft released its monthly security update Tuesday, disclosing 120 vulnerabilities across its array of products.
Sixteen of the vulnerabilities are considered “critical,” including one that Microsoft says is currently being exploited in the wild. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products including Microsoft Media Foundation, the Windows Registry and Microsoft Outlook.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulne
Qualys
August 2020 Patch Tuesday – 120 Vulnerabilities, 17 Critical, Media Foundation, Windows Codecs, Workstation, Adobe | Qualys
blogs_qualys·2020-08-11·CVSS 7.8
[HIGH] August 2020 Patch Tuesday – 120 Vulnerabilities, 17 Critical, Media Foundation, Windows Codecs, Workstation, Adobe | Qualys
This month’s Microsoft Patch Tuesday addresses 120 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Media Foundation, .NET Framework, Browsers, Scripting Engines, Office, Outlook, Windows Codecs and several other workstation vulnerabilities. Adobe released patches today for Acrobat/Reader, and Lightroom.
### Workstation Patches
Today’s patch Tuesday fixes many vulnerabilities that would impact workstations. The Office, Outlook, Windows Codecs, and Media Foundation vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### Windows Spoofing Vulnerability
While listed as Import
Trendmicro
Patch Tuesday: Fixes for Important Vulnerabilities
blogs_trendmicro·2020-08-11·CVSS 7.8
[HIGH] Patch Tuesday: Fixes for Important Vulnerabilities
## Patch Tuesday: Fixes for Important Vulnerabilities
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. ZDI disclosed 11 flaws, five of which are rated critical bugs.
By: Trend Micro Aug 11, 2020
Update on 08/19/2020 09:55AM PHT: Added rules for Trend Micro Deep Security.
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. CVE-2020-1380 is a critical Internet Explorer (IE) vulnerability that can be abused for remote code execution (RCE), while CVE-2020-1464 is a Windows 10 security gap that can be used for spoofing. Administrator
Tenable
Microsoft’s August 2020 Patch Tuesday Addresses 120 CVEs (CVE-2020-1337)
blogs_tenable·2020-08-11·CVSS 7.8
[HIGH] Microsoft’s August 2020 Patch Tuesday Addresses 120 CVEs (CVE-2020-1337)
Krebs
Microsoft Patch Tuesday, August 2020 Edition
blogs_krebs·2020-08-11·CVSS 7.8
CVE-2020-1380 [HIGH] Microsoft Patch Tuesday, August 2020 Edition
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up!
The most concerning of these appears to be CVE-2020-1380, which is a weakness in Internet Explorer that could result in system compromise just by browsing with IE to a hacked or malicious website. Microsoft’s advisory says this flaw is currently being exploited in active attacks.
The other flaw enjoying active exploitation is CVE-2020-1464, which is a “spoofing” bug in virtually all supported versions of Windows that allows an attacker to bypass Windows security features and load improperly signed f
Zscaler
Zscaler found New Security Vulnerabilities | 8-11-2020
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found New Security Vulnerabilities | 8-11-2020
Threat Intel
APT37 (APT37, InkySquid, ScarCruft)
threat_intel
APT37 (APT37, InkySquid, ScarCruft)
# Threat Actor Profile: APT37
ATT&CK ID: G0067
Also known as: APT37, InkySquid, ScarCruft, Reaper, Group123, TEMP.Reaper, Ricochet Chollima
Suspected origin: China
## Overview
APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. APT37 has also been linked to the following campaigns between 2016-2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are you Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018.(Citation: FireEye APT37 Feb 2018)(Citation: Securelist ScarCruft Jun 2016)(Citation: Talos Group123)
North Korean group definitions are
http://packetstormsecurity.com/files/163056/Internet-Explorer-jscript9.dll-Memory-Corruption.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1380
Published: 2020-08-17
Added to CISA KEV: 2021-11-03
Exploited in the wild