- EternalDarkness, or SMBGhost, is the latest vulnerability affecting the Microsoft SMB protocol; it was first reported in March 2020.
- This is a high-severity threat because SMB vulnerabilities are very often quickly adopted by “wormified” malicious attacks. As of the publishing of this post, PoCs exist for DoS and local privilege escalation.
- Bitdefender Hypervisor Introspection stops the local privilege escalation 0-day attack without any additional configurations or updates. See the Demo below.
All about Virtualization and Cloud Security | Recent Articles:
- BlueKeep is a wormable security flaw in Microsoft Remote Desktop Services that allows attackers to remotely take control of vulnerable systems.
- Metasploit developers released the first functional prototype of exploit code with payload execution capabilities.
- Bitdefender tested the newly released exploit code and Hypervisor Introspection prevents this attack (demo included).
Last Friday, security researchers working on the Metasploit project released the first functional exploit code to successfully achieve code execution against systems vulnerable to BlueKeep. This high-impact vulnerability affecting Microsoft Remote Desktop Services was first reported as CVE-2019-0708 in May 2019. On May 14th, Microsoft started releasing patches for affected Windows OSes (including the end-of-life XP and 2003).
- Speculative execution-based attacks exploit CPU architecture flaws to allow attackers to leak sensitive information from privileged operating system kernel memory
- The SWAPGS Attack leverages a new speculative execution vulnerability discovered by Bitdefender security researchers
- The SWAPGS Attack circumvents all existing side-channel attack mitigations and allows attackers to gain unprivileged access to sensitive kernel data
- Bitdefender Hypervisor Introspection technology mitigates the SWAPGS Attack on unpatched Windows systems running on Citrix Hypervisor or KVM hypervisor
Today, multiple industry software and hardware vendors have published security advisories for CVE-2019-1125 related to a newly discovered side-channel attack, dubbed SWAPGS Attack. The SWAPGS Attack was identified and reported by Bitdefender security researchers working on hypervisor introspection and anti-exploit technologies. This led to a coordinated disclosure process that has included several strategic industry partners.
- VMware NSX-T Data Center 2.4 release now includes Guest Introspection services via agentless endpoint protection.
- Bitdefender GravityZone Security for Virtualized Environment (SVE) is the first, and currently the only, security vendor that integrates NSX-T Guest Introspection.
- If you are upgrading to NSX-T, Bitdefender solves real operational challenges for highly dense, large-scale datacenter deployments.
Last Friday (April 14, 2017), just before Easter, an egg was laid by The Shadow Brokers, a group that hopped into the spotlight in mid-2016. This time, the group dropped an especially colorful release, in the form of EternalBlue.