#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Zerologon | Breaking Cybersecurity News | The Hacker News

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

Iranian Hackers Utilize ScreenConnect to Spy On UAE, Kuwait Government Agencies

Feb 11, 2021
UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors, according to new research. Attributing the operation to be the work of  Static Kitten  (aka MERCURY or MuddyWater), Anomali  said  the "objective of this activity is to install a remote management tool called ScreenConnect (acquired by ConnectWise 2015) with unique launch parameters that have custom properties," with malware samples and URLs masquerading as the Ministry of Foreign Affairs (MOFA) of Kuwait and the UAE National Council. Since its origins in 2017, MuddyWater has been tied to a number of attacks primarily against Middle Eastern nations, actively  exploiting Zerologon vulnerability  in real-world attack campaigns to strike prominent  Israeli organizations  with malicious payloads. The state-sponsored hacking group is believed to be working at the behest of Iran's Islamic Republic Guard Corps, the country's primary intellig
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

Sep 29, 2020
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called  Zerologon —that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the  Netlogon Remote Control  Protocol for Domain Controllers. In other words, the underlying vulnerability ( CVE-2020-1472 ) could be exploited by an attacker to compromise Active Directory services, and eventually, the Windows domain without requiring any authentication. What's worse is that a proof-of-concept exploit for this flaw was released to the public last week, and immediately after, attackers started exploiting the weakness against unpatched systems in the wild. As described in our  coverage  based on a technical analysis published by Cynet security researchers, the underlying issue is Microsoft's implementation of
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Cybersecurity Resources