Blue Team Reactions to WannaCry

<<< I am making frequent updates to this post as information flows in. >>> Overview: There is an exploit called ETERNALBLUE (CVE-2017-0145), which is believed to have been developed by the NSA (U.S. National Security Agency). ETERNALBLUE was leaked by the Shadow Brokers hacker group on 14 April 2017. It is used as part of the WannaCry ransomware attack that […]

Google Releases Zero-Day Vulnerability

Google released a “Security Bypass/Information Disclosure” vulnerability that it found in Microsoft’s Windows 7 and 8.1 operating systems. The CryptProtectMemory function allows an application to encrypt memory for 1 of 3 scenarios: process, logon session and computer. When using the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag), the encryption key is generated based on the logon session ID, this […]

Telnet Vulnerability

Earlier this month I saw a lot of attacks targeting Telnet, which I thought was odd. Now, because of Microsoft’s Patch Tuesday, I know why that was… This vulnerability (MS15-002), marked as having a critical severity rating, is in the Telnet protocol, used to provide terminal connections to remote computers over TCP port 23. Microsoft marks vulnerabilities as […]