A security researcher at Microsoft witnessed hundreds of exploitation attempts against honeypot servers over the weekend that match the exploit chain for “ZeroLogon.” ZeroLogon is a known privilege escalation bug in Microsoft’s Netlogon Remote Control Protocol for Domain Controllers. The ZeroLogon vulnerability was rated critical when it first was identified. Now, after an initial patch was released in August 2020 as part of a two-step correction for the bug, unknown threat actors are scanning the Internet for servers that may be vulnerable. In the case reported on, the attackers managed to reset the domain controller honeypot computer password to blank.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security