Security News

Microsoft has warned of the risks associated with allowing remote access to desktop services while working from home, publishing guidance on how IT teams can maintain secure working environments when faced with an increase in remote connections. Although Remote Desktop Services can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered said James Ringold, enterprise security advisor for Microsoft's Cybersecurity Solutions Group.

Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. For these reasons and more, organizations need to adopt certain security measures to protect themselves when using Microsoft's RDP. SEE: How to work from home: IT pro's guidebook to telecommuting and remote work.

Microsoft announced this week that has deprecated Remote Desktop Connection Manager due to security concerns. The application has been around for decades, providing users with the ability to manage multiple remote desktop connections, but Microsoft has long been investing in other solutions to provide users with remote desktop access.

A recently disclosed vulnerability affecting Zoho's ManageEngine Desktop Central endpoint management solution is already being exploited in attacks. Researcher Steven Seeley of Source Incite last week decided to disclose a critical Desktop Central vulnerability that can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.

ManageEngine Desktop Central is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology. CVE-2020-10189 allows for deserialization of untrusted data and allows unauthenticated, remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central and achieve SYSTEM/root privileges.

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer - if they use the desktop client paired with the iPhone app. The security bug was fixed in January by Facebook in WhatsApp Desktop version 0.3.9309 and later.

The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who said he found multiple issues in WhatsApp Desktop, starting with an open redirect into persistent XSS and Content Security Policy bypass, and then a "Cross platforms read from the local file system." One of the main issues Weizman identified was that an attacker could modify WhatsApp reply messages to include quotes of messages the recipient never sent.

This release adds application load testing to its continuous desktop and application testing platform. Login VSI increases the breadth of its change management testing capabilities by adding application load testing.

Fyde, the new standard for zero trust secure access, announced that the award-winning Fyde app is now available to all desktop users. Mac, PC, and Linux desktops can now take advantage of the...

BlueKeep isn't the only bug in town, plenty to go round VNC remote desktop software has no shortage of potentially serious memory-corruption vulnerabilities, you'll no doubt be shocked to hear.…