Russian hackers deliver malicious RDP configuration files to thousands

Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protoco…

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve and BlackJack.

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.

Trusted relationship attacks: trust, but verify

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers.

Is an isolated VM (Hyper-V) still safe despite the fact that the host uses RDP to view/control the VM?

This question is directed towards creating an isolated environment for a reverse engineering VM, where malicious programs will be disassembled and debugged by executing them (static and dynamic analysis, etc.).

The VM will have no internet c…

CVE count set to rise by 25% in 2024

The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heightens…

Security of RDP directly with administrative account VS RDP with normal account and elevation with administrative account

I’ve had some arguments with people about securing RDP access to servers:

Team 1 (including me) suggests that direct RDP access should only be possible with a (separate) administrative account.
Team A suggests that one should do RDP logi…
