A bug in LastPass leaks site credentials you've visited
infosec

A bug in LastPass leaks site credentials you've visited

LastPass password manager released an update last week to fix a security bug that reveals ...
Read More
infosec

Oil plants were attacked by drones

Saudi Arabia faced two major attacks on the weekend. Two large oil refineries have been attacked by ...
Read More
infosec

NAS devices: Research proves to be vulnerable to cyberattacks!

Obviously, not every machine or device connected to the Internet can be 100% secure. The...
Read More
infosec

How to make a career in ethical hacking: Skills and perspectives

Information Technology (IT) is one of the largest and most popular industries of our time, with an ever-expanding ...
Read More
infosec

iOS 13: Error allows bypass iPhone / iPad lock screen

Apple's iOS 13 has not yet been released (will be released on September 19) and the first bug has already been detected ...
Read More
Latest Posts

US-CERT warns of zero-day exploit of Windows

United States Computer Emergency Readiness Team (US-CERT) warns of a new exploit kit kit developed by Shadow Brokers hacking team The new exploit kit is available for sale and targets Windows systems.

Earlier this week, rumors were released that wanted Shadow Brokers to try to sell a zero-day Windows for 750 Bitcoin, and US-CERT says it should take action immediately.
US-CERT

In its publication, US-CERT reports that zero-day exploit targets a vulnerability that is available on all Windows systems through the Server Message Block (SMB) feature. A successful attack allows an attacker to obtain sensitive information from affected systems.

The team recommends Windows administrators to disable SMB v1 and block all SMB versions on the network limit by blocking the TCP 445 port along with all the relevant protocols on the UDP 137-138 ports and the TCP 139 port, for all devices, even if the above measures could obviously have an impact on the proper functioning of the system.

For the time being, however, it is important to note that there is still no confirmation of this zero-day in Windows, by Microsoft itself that does not seem to know that there is an unpatched vulnerability.

https://www.us-cert.gov

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Giorgos

About Giorgos

Giorgos plays backgammon, Thanassis, Dimitris and solitaire. He does no work in his spare time.

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *