If you haven't installed Microsoft's August patch updates for your Active Directory domain controllers, you might want to reconsider. A brand new exploit (officially called CVE-2020-1472 by Microsoft and Zerologon by Tom Tervoort, the researcher who discovered it) allows an attacker to compromise an unpatched Active Directory domain controller via just a TCP connection without the need for any domain credentials.
2 min read
The ZeroLogon Exploit (CVE-2020-1472)
Topics: Exploit Security Exploit Domain Controllers Active Directory
2 min read
Hackers Have Been Spying on iPhones for Years
Google's Project Zero announced some big news last Thursday: hackers have been using "Watering Hole" style attacks for years to spy on iPhones who visit compromised websites.
In the blog post (https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html) written by Ian Beer, he says hackers had been discretely attacking iPhones who visited compromised websites.
