CVE-2020-16898 – Bad Neighbor SIEM Content Packages A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. An attacker would have to send specially crafted ICMPv6 Router Advertisement […]
CVE-2019-0708 BlueKeep – SIEM Content Packages Bluekeep is a critical vulnerability that allows an attacker to send malicious packets to a vulnerable target over RDP and remotely execute commands with elevated privileges. The vulnerability occurs during pre-authorization and does not require any user interaction, which makes it really critical. This vulnerability will affect these OS […]
SIEM Content Packages For CVE-2020-1472 – ZeroLogon By CyberSIEM As you know, one of the most critical vulnerabilities has recently been published – ZeroLogon An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege […]
We should pay attention to each and every nested group that is a member of our sensitive groups, to ensure that we will know about every user that inherits these kinds of permissions.
Mail impersonation is one of the most popular and successful attacks today. This kind of attack can be split into two main types: Phishing and Mail impersonation.
How to create a data monitor which will collect the information from the last X time, and sum the quantity and create a rule that use the audit events of the Data Monitor to check if the value is more than a specific threshold.