Back to Main Navigation

PREDICT EXPLOITS

REDUCE COSTS

PREDICTION FOR THE CLOUD

ADVANCED CAPABILITIES

Back to Main Navigation

Resources

Predictive Threat Assessment Sign Up

Watch Now

PR1ORITY Product Demo
Back to Main Navigation

About CYR3CON

Come Join Us

CYR3CON is always looking for top talent to join our team.
View Openings
Back to Main Navigation

Take the next step to be in the know, now.

Complete the form and a member of the CYR3CON team will contact you shortly to discuss your cyber security needs.

Contact Form

Blog

Chaining with Zerologon and the Threat to Election Security

Posted by Paulo Shakarian on Oct 12, 2020 6:48:07 PM

 

Late last week, DHS issued an advisory on vulnerabilities that are being used in tandem with "Zerologon” (CVE-2020-1472, Netlogon vulnerability). 

zerologon

Specifically, they have observed the Fortinet VPN vulnerability CVE-2018-13379 and MobileIron vulnerability CVE-2020-15505.  Additionally, they advise patching the following as they are likely (though not yet observed) to be used by hackers in the same way:  

  • - Citrix NetScaler CVE-2019-19781 
  • - MobileIron CVE-2020-15505 
  • - Pulse Secure CVE-2019-11510 
  • - Palo Alto Networks CVE-2020-2021 
  • - F5 BIG-IP CVE-2020-5902 

Today’s video blog takes a look at the alert as well as the vulnerabilities it describes. The complete DHS alert can be found here: https://us-cert.cisa.gov/ncas/alerts/aa20-283a 

Take advantage of the CYR3CON Predictive Threat Assessment and know what vulnerabilities hackers are targeting in your own organization. 

 

Topics: Cybersecurity, Election Hacking