HackDig : Dig high-quality web security articles for hacker

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

By John E Dunn. Weeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”. The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities, including 12 marked as ‘critical’ and 87 ‘important’. Th
Publish At:2020-02-15 12:44 | Read:245 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

February Patch Tuesday: Fixes for Critical LNK, RDP, Trident Vulnerabilities

The first Patch Tuesday of 2020 in January brought an unusually long list of patches, but February brings an even wider range of fixes that address a total of 99 vulnerabilities — including 12 classified as Critical, with the remaining 99 deemed Important. Only five of the vulnerabilities were made public before the patches were released; one of these was ra
Publish At:2020-02-11 21:00 | Read:165 | Comments:0 | Tags:Exploits Vulnerabilities LNK Patch Tuesday RDP Remote Deskto

Explained: the strengths and weaknesses of the Zero Trust model

In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must be considered suspect—questioned, investigated, and cross-checked—until we can be absolutely sure it is safe to be allowed. Zero Trust is a concept created by John Kindervag in 2010 during his
Publish At:2020-01-28 16:50 | Read:379 | Comments:0 | Tags:Explained byod cloud framework identity management insider t

Threat spotlight: Phobos ransomware lives up to its name

Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware’s got its hooks in global businesses and shows no signs of stopping. That includes a malware family known as Phobos ransomware, named afte
Publish At:2020-01-10 16:50 | Read:528 | Comments:0 | Tags:Threat spotlight brute force coveware crysis crysis ransomwa

Threat spotlight: The curious case of Ryuk ransomware

Ryuk. A name once unique to a fictional character in a popular Japanese comic book and cartoon series is now a name that appears in several rosters of the nastiest ransomware to ever grace the wild web. For an incredibly young strain—only 15 months old—Ryuk ransomware gaining such notoriety is quite a feat to achieve. Unless the threat actors behind its
Publish At:2019-12-12 21:50 | Read:679 | Comments:0 | Tags:Threat spotlight AES average ransom amount BitPaymer BitPaym

Reverse port forwarding SOCKS proxy via HTTP proxy (part 1)

In the context of a Red Team assessment, in this post I’ll look at some options for using SOCKS to gain external access to an internal network. I’ll cover the obvious methods and why I’m overlooking them, a crude method using standard tools (this post) and a more refined approach using modified tools (in part 2). I recently spent quite a lo
Publish At:2019-09-19 17:35 | Read:738 | Comments:0 | Tags:Blog RDP red team Windows

Rapid7 warns of Remote Desktop Protocol (RDP) exposure for millions of endpoints

According to new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP). The researchers discovered that there are 11 million open 3389/TCP endpoints, and that 4.1 million of them are RDP. “We analyzed the responses, tallying any that appeared to be from RDP speaking endpoints
Publish At:2017-08-14 18:00 | Read:3716 | Comments:0 | Tags:Breaking News Hacking Reports Security EsteemAudit Intellige

NSA EsteemAudit exploit could trigger a new WannaCry-like attack

Security experts from the enSilo firm released a free patch for Windows systems vulnerable to the NSA-linked ESTEEMAUDIT exploit. The WannaCry emergency could not be ended because the NSA dump leaked by the Shadow Brokers team included many other dangerous exploits. Last month, the Shadow Brokers group released another batch of data containing exploit code stil
Publish At:2017-05-25 14:40 | Read:3007 | Comments:0 | Tags:Breaking News Hacking EnglishmanDentist EsteemAudit Explodin

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of its variants are still affecting users primarily located in Brazil. Harvesting victims via weakly protected RDP (Remote Desktop Protocol) connections, criminals are manually installing the ransomware and encrypting any files which can be found on the system. Interesti
Publish At:2017-04-24 17:40 | Read:5791 | Comments:0 | Tags:Blog Research Brazil Ransomware RDP TeamXRat Trojan

RDPPatcher, the Attack that Sells Access to your Computer at a Low Price

In recent months, there’s been a significant uptick in PandaLabs reports of malware that is installed using the Remote Desktop Protocol (RDP). Every day, we witness thousands of infection attempts using ransomware, hijacking systems for bitcoin mining, etc., which all have one thing in common: access via RDP after gaining entry with credentials obtained using
Publish At:2017-02-16 09:25 | Read:3138 | Comments:0 | Tags:PandaLabs Malware news rdp

Mirai Widens Distribution with New Trojan that Scans More Ports

Analysis by Julie Cabuhat. Late last year, in several high-profile and potent DDoS attacks, Linux-targeting Mirai (identified by Trend Micro as the ELF_MIRAI family) revealed just how broken the Internet of Things ecosystem is. The malware is now making headlines again, thanks to a new Windows Trojan that drastically increases its distribution capabilities. We pr
Publish At:2017-02-13 22:40 | Read:3499 | Comments:0 | Tags:Internet of Things Malware Mirai RDP Telnet

CRYSIS Ransomware is back and crooks are using RDP attacks once again

CRYSIS ransomware attacks leveraging brute force via Remote Desktop Protocol (RDP) are still ongoing, mostly targeting US firms in the healthcare sector. Do you remember the CRYSIS ransomware? It is a ransomware strain that appeared in the threat landscape last year; now researchers at Trend Micro have discovered that the CRYSIS ransomware is being distributed via Remote Desktop Pr
Publish At:2017-02-10 14:15 | Read:4612 | Comments:0 | Tags:Breaking News Cyber Crime Malware CrySis ransomware Cybercri

It Isn’t Ransomware, But It Will Take Over Your Server Anyway

In this week’s Tales From Ransomware, we take a look at a ransomware that isn’t really ransomware. Nor even malware. But it can hijack your server anyway. A few days ago we saw a typical Remote Desktop Protocol (RDP) attack, which led us to believe that it was a similar attack to the one we told you about a few months ago which cybercriminals are usin
Publish At:2017-01-20 12:10 | Read:3383 | Comments:0 | Tags:Pandalabs PandaLabs rdp tales from ransomware

Downgrading RDP connections and how to avoid it

This post describes how Remote Desktop Protocol (RDP) connections can be vulnerable to a downgrade attack if Terminal Servers are configured insecurely. We’re not aware of this issue being discussed before – googling only found pages about installing an earlier version of the RDP client, not about downgrading the protocol in the way described her
Publish At:2016-11-20 02:20 | Read:6594 | Comments:0 | Tags:Blog cryptography MiTM RDP redteam Windows

Vulnerability Management: Just Turn It Off! Part III

Our previous posts in the ‘Just Turn It Off!’ series (Part I and Part II) explained many commonly overlooked features that can unintentionally weaken your network’s security. We discussed the risks of unsecured VNC, rlogin, HTTP TRACE and various other features that, fortunately, have a fairly simple fix. In our third and final post of thi
Publish At:2014-08-19 17:20 | Read:4540 | Comments:0 | Tags:Featured Articles Vulnerability Management RDP SBM share SNM
