SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Attackers using Zerologon vulnerability at higher rate
Description: Cisco Talos researchers report seeing a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation-of-privilege bug in Netlogon outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which -- among other things -- can be used to update computer passwords by forging an authentication token for specific Netlogon functionality. This flaw allows attackers to impersonate any computer, including the domain controller itself, and gain access to domain admin credentials.
References: https://blog.talosintelligence.com/2020/09/netlogon-rises.html
Snort SIDs: 55703, 55704
Title: Cisco warns of vulnerabilities in IOS operating system
Description: Cisco patched several vulnerabilities -- many of them considered severe -- in its IOS operating system. The updates address denial-of-service, file overwrite and input validation attacks that affect many of Cisco's products. Two of the vulnerabilities -- CVE-2020-3421 and CVE-2020-3480 -- exist in Cisco's Zone-Based Firewall. An attacker could exploit these bugs to cause the affected device to reload or make it stop forwarding traffic through the firewall.
References: https://threatpost.com/cisco-patches-bugs/159537/
Snort SIDs: 55815 - 55819, 55830 - 55832