Collaborate Disseminate
The first attacks that exploit the zero-day Windows vulnerability install cryptominers and scan for targets rather than a worm with WannaCry potential. Continue reading BlueKeep Attacks Have Arrived, Are Initially Underwhelming
As the number vulnerabilities hit a historic high, battle-worn security teams are upping their patching game. Continue reading How to Get a Handle on Patch Management
Twitter boss, Jack Doresy, had his Twitter account was hacked at the end of August, with hackers using his account to send a stream of offensive messages to his 4.2 million followers. It appears Jack was using his mobile phone to provide multi-factor a… Continue reading Cyber Security Roundup for August 2019
In May, Microsoft released fixes for BlueKeep, a critical remote code execution vulnerability in Remote Desktop Services that affected older versions of Windows. Even though Windows 8 and 10 are not vulnerable, the flaw was so dangerous that it warran… Continue reading Protect Against BlueKeep and the Next Wormable Vulnerability
Microsoft has found itself with a large amount of RDP-related patching work during 2019. Continue reading Update now! Microsoft patches its Android RDP app to fix flaw
From the biometrics of one million being exposed, to new Microsoft Bluekeep-like threats, Threatpost discusses the top news of the week. Continue reading News Wrap: DejaBlue Bugs and Biometrics Data Breaches
The flaws allow remote code-execution without user interaction or authentication, and are highly exploitable. Continue reading Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
Microsoft on Tuesday released fixes for two critical vulnerabilities in a popular Windows program that could allow hackers to remotely execute code on machines that would let them install their own programs, delete or alter data, or set up their own user accounts. The vulnerabilities are “wormable,” meaning that malware exploiting them could be used to move between vulnerable computers without user interaction. That puts them in the same category as another serious Windows flaw, BlueKeep, which was announced in May, and the vulnerability exploited in the 2017 WannaCry ransomware outbreak. Like BlueKeep, which many users have not patched, the latest vulnerabilities are in Remote Desktop Services, a Windows program that grants remote access to computers for administrative purposes. WannaCry, which the U.S. government says was the work of North Korean hackers, caused billions of dollars in damage while infecting computers in 150 countries. There is no public documentation of BlueKeep being exploited in the wild, but […]
The post Microsoft patches two critical vulnerabilities comparable to BlueKeep appeared first on CyberScoop.
Continue reading Microsoft patches two critical vulnerabilities comparable to BlueKeep
July was a month of mega data privacy fines. The UK Information Commissioners Office (ICO) announced it intended to fine British Airways £183 million for last September’s data breach, where half a million BA customer personal records were compromi… Continue reading Cyber Security Roundup for July 2019
It’s no secret that Microsoft’s Remote Desktop Services (RDS) software is a natural target for hackers. The same remote access that the popular program gives to clients also piques the interest of would-be attackers. That also makes fixing a bug in the software a good opportunity for both ends of the cybersecurity profession — offensive and defensive — to collaborate. One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas. “This attack was very hard to detect,” recalled Dana Baril, a security software engineer at Microsoft. “The behavior didn’t stand out as unusual for the user.” A hacker exploiting the bug would be making network connections that looked a lot like whatever a normal person might do with RDS. Baril had received a report through Microsoft’s bug bounty program. She reached out to Eyal […]
The post How offense and defense came together to plug a hole in a popular Microsoft program appeared first on CyberScoop.
Continue reading How offense and defense came together to plug a hole in a popular Microsoft program