Jai Vijayan reports:
In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim’s environment.
Prior to deploying the ransomware, the attackers have used several dual-use tools, including remote access products from companies like Atera and Splashtop and network scanners from NetScan among others, researchers at Symantec Broadcom said in a report this week.
Read more at DarkReading.
Additional details at Security Boulevard.