Briefing on updates to dynamic security alerts from Corvus
Brokers working with Corvus may see new alerts beginning this month. These vulnerabilities are relatively rare when compared to exposed remote desktop protocol (RDP) ports, the most frequent alert we send. However, they are still critical to fix in the event they are found on one of your client's systems.
Telnet is an early application protocol that may be present in legacy IT systems. Publicly available Telnet service can leave your clients vulnerable to data leaks of information like usernames and passwords. Because Telnet is one of the earliest remote login protocols on the Internet, initially released in 1969, it provides no built-in security measures and suffers from serious security issues. The use of Telnet over the public Internet should be avoided due to the risk of exposing usernames and passwords to the attacker, and increasing the likelihood of exploitation.
Server Message Block (SMB)
Server Message Block (SMB) is a Microsoft network file sharing protocol. Leaving an SMB service open to the public can give attackers the ability to access data on your clients’ internal network, and increases their risk of a ransomware attack or other exploit. Notably, SMB1, (a legacy version of the service,) was used as an attack channel for both the WannaCry and NotPetya mass ransomware attacks in 2017. Server Message Block (SMB) allows devices on the same network to share files with each other. Printers, mail servers, and high-priority internal network segments use SMB to provide access to remote users.
Get in Touch
Interested in learning more about Corvus's Alerting Capabilities? Get in touch with a representative here.