banner Expire 1 April 2024
Ad Ends 13 April 2024
banner Expire 20 March 2024
ad End 18 April 2024
Ad Ends 13 April 2023
banner Expire 18 April 2024
What's new
Ad expire at 5 March 2024
UniCvv
CrdCrew.cc Carding forum
Western union transfer
banner expire at 21 August

Carding.pw carding forum

CISA warns of attacks using SMBGhost vulnerability

Daniel

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
6,342
Reaction score
885
Points
212
Awards
2
  • trusted user
  • Rich User
Various malware operators used SMBGhost to remotely execute code.

41ab9225bc37630c4e18a68769c0e126.jpg



The US Cybersecurity and Infrastructure Security Agency (CISA) has warned Windows users that the recently published PoC exploit for the worm-like vulnerability in Windows 10 ( CVE-2020-0796 ) is being used to carry out attacks.

SMBGhost, also known as CoronaBlue, is a vulnerability that affects the Microsoft Server Message Block 3.1.1 (SMBv3) version of the network data transfer protocol. The vulnerability affects Windows 10 and Windows Server and can be used for DoS attacks, increasing local privileges and executing arbitrary code on the system.

To carry out attacks on SMB servers, an attacker needs to send malicious packets to the target system. The culprit must also trick the victim into connecting to a malicious SMB server.

Microsoft announced the vulnerability, and then released patches and preventive measures to exploit the vulnerability in March this year. Researchers began publishing PoC exploits for the vulnerability shortly after it was discovered, but they focused only on DoS attacks or privilege escalation. Several companies and researchers claimed to have developed PoC codes to exploit vulnerabilities that could allow remote code execution, but not one was made public.

However, last week a researcher using the pseudonym Chompie publishedPoC exploit for SMBGhost, allowing remote code execution. According to Chompie, it is not 100% reliable and can lead to a malfunction of the system, however, several experts who tested the exploit confirmed that remote code execution can be performed.

CISA recommended that users and administrators install patches for SMBGhost and block SMB ports using a firewall and warned that the vulnerability was being exploited by criminals.
__________________

What is an "Automatic Guarantor Service"?
 
Ad End 1 April 2024
Top