Common Vulnerabilities and Exposures

In August 2022, the Vectra Protect team identified an attack path that enables malicious actors with file system access to steal credentials for any Microsoft Teams user who is signed in. Attackers do not require elevated permissions to read these files, which exposes this concern to any attack that provides malicious actors with local or remote system access.

As we saw with the Log4J vulnerability, cybercriminals only need a single opening to infiltrate your environment. And while another vulnerability can't be prevented, there's still a lot that can be done to make sure you're ready for the next one.

Threat actors can use the Log4J vulnerability as a platform for launching attacks, but what does this mean for cloud environments? Find out exactly how attackers are exploiting this vulnerability and what this could mean for your organization.

A few days after the Log4Shell vulnerability was discovered, we now have more observations about how the exploit is being leveraged. Here's what we know, today.

A new 0day was discovered in the log4j application on December 10, 2021. This vulnerability impacts a widely used logging solution spanning an incredibly large attack surface.

A new remote code execution vulnerability in Windows Print Spooler, now known as CVE-2021-1675, or PrintNightmare can be exploited by attackers to take control of affected systems. Find out how to detect and stop this exploit with Vectra.

The Hafnium campaign is targeting Microsoft Exchange Servers by leveraging several zero-day exploits and allows attackers to bypass authentication, including MFA to access e-mail accounts. Read more about hot to detect and stop the attack with Vectra Cognito.

With Adobe Flash officially marking its end-of-life on Jan. 1, 2021, assessing Flash usage is imperative to prevent attacks though that avenue. Cognito Recall from Vectra now has a Flash dashboard to help organizations decommission Flash across their networks.

The recent ZeroLogon (CVE-2020-1472) vulnerability allows an attacker to gain Domain Admin credentials. The Vectra AI/ML models are designed to detect attacks regardless of tools or signatures and alerted on ZeroLogon even before it was announced.

Learn why Microsoft Power Automate is great for Office 365 users, but why it's terrifying for security professionals.

Sitting at the edge of the network and rarely configured or monitored for active compromise, the firewall today is a vulnerable target for persistent and targeted attacks.

Printers present an interesting case in the world of IoT (Internet of Things), as they are very powerful hardware compared to most IoT devices, yet are not typically thought of as a "real" computer by most administrators. In this case, we investigate how to use the special role that printers have within most networks to actually infect end-user devices and extend the footprint of their attack within the network.

Security researchers with Vectra Threat Labs recently uncovered a critical vulnerability affecting all versions of <a href="https://www.vectra.ai/news/vectra-networks-discovers-critical-microsoft-windows-vulnerability-that-allows-printer-watering-hole-attacks-to-spread-malware">Microsoft Windows</a> reaching all the way back to Windows 95. The vulnerability allows an attacker to execute code at system level either over a local network or the Internet. As a result, attackers could use this vulnerability both to infect an end-user from the Internet, and then spread through the internal network.

Recently, it came to our attention that HP DVLabs has uncovered at least tenvulnerabilitiesin the Belkin N300 Dual-Band Wi-Fi Range Extender (F9K1111). As this is the first update issued for the F9K1111 and there were not any public triggers for the vulnerabilities, we thought it would be interesting to take a deeper look.

Updated June 3, 2015 11:00 AM(see details)Recently a popular privacy and unblocker application known as Hola has been gaining attention from the security community for a variety of vulnerabilities and highly questionable practices that allow the service to essentially behave as a botnet-for-hire through its sister service called Luminati. Vectra researchers have been looking into this application after observing it in customer networks over the past several weeks, and the results are both intriguing and troubling. In addition to its various botnet-enabling functions that are now part of the public record, the Hola application contains a variety of features that make it an ideal platform for executing targeted cyber attacks.