Security News

The Apache Project's popular Guacamole open-source remote desktop software contained vulns allowing remote attackers to steal login creds and hijack targeted machines, researchers have said. The Apache Foundation has issued patches for Guacamole following Check Point's research, which resulted in two CVEs.

A report published on Monday by ESET discusses how attackers take advantage of RDP and what organizations can do to combat them. Though Remote Desktop Protocol can be enough of a security risk on its own, organizations often compound the vulnerabilities by failing to properly secure RDP accounts and services.

Adaptiva announced that it has partnered with UK-based IT consultancy OKTiK Technology to provide its solutions as part of OKTiK's automation platform. "OKTiK has established itself as a digital transformation specialist over the last several years, and our on-premises and cloud-enabled products are an outstanding fit for OKTiK's automation platform. Together, Adaptiva and OKTiK can drive a painless transition to modern management."

Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation.

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. Most JavaScript applications contain hundreds of open-source libraries - some have more than 1,000 different libraries.

In many cases, IT staff and other employees need to remotely connect to workstations and servers at the office, and for that they typically rely on the Microsoft Remote Desktop Protocol built into Windows. In a blog post published on Thursday, McAfee explains how cybercriminals are taking advantage of RDP access and what organizations can do to protect themselves.

Kaspersky Labs is reporting a massive increase in brute force attacks against Microsoft's RDP protocol since the beginning of March, coinciding perfectly with coronavirus lockdowns and increased numbers of people working from home. Brute force attacks are decidedly blunt in their approach: Rather than try to sneak in a backdoor or bypass security, a brute force attack simply tries logging in to a system with a known username and all possible passwords.

NetApp, the leader in cloud data services, announced that it acquired CloudJumper, a leading cloud software company in the virtual desktop infrastructure and remote desktop services markets. As a result of the acquisition, the new NetApp Virtual Desktop Service will solve the most challenging problems of virtual desktop services and application management, allowing customers to deploy, manage, monitor and optimize those environments as a total solution from a single company on the public cloud of their choice.

The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted. A successful attack would give cybercriminals remote access to the target computer with the same permissions and access to data and folders that a legitimate user would have.

Microsoft has warned of the risks associated with allowing remote access to desktop services while working from home, publishing guidance on how IT teams can maintain secure working environments when faced with an increase in remote connections. Although Remote Desktop Services can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered said James Ringold, enterprise security advisor for Microsoft's Cybersecurity Solutions Group.