Security News

NetApp, the leader in cloud data services, announced that it acquired CloudJumper, a leading cloud software company in the virtual desktop infrastructure and remote desktop services markets. As a result of the acquisition, the new NetApp Virtual Desktop Service will solve the most challenging problems of virtual desktop services and application management, allowing customers to deploy, manage, monitor and optimize those environments as a total solution from a single company on the public cloud of their choice.

The attacks are a likely offshoot of cybercriminals looking to take advantage of the unprecedented numbers of employees working from home amid the COVID-19 pandemic, researchers noted. A successful attack would give cybercriminals remote access to the target computer with the same permissions and access to data and folders that a legitimate user would have.

Microsoft has warned of the risks associated with allowing remote access to desktop services while working from home, publishing guidance on how IT teams can maintain secure working environments when faced with an increase in remote connections. Although Remote Desktop Services can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered said James Ringold, enterprise security advisor for Microsoft's Cybersecurity Solutions Group.

Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections. For these reasons and more, organizations need to adopt certain security measures to protect themselves when using Microsoft's RDP. SEE: How to work from home: IT pro's guidebook to telecommuting and remote work.

Microsoft announced this week that has deprecated Remote Desktop Connection Manager due to security concerns. The application has been around for decades, providing users with the ability to manage multiple remote desktop connections, but Microsoft has long been investing in other solutions to provide users with remote desktop access.

A recently disclosed vulnerability affecting Zoho's ManageEngine Desktop Central endpoint management solution is already being exploited in attacks. Researcher Steven Seeley of Source Incite last week decided to disclose a critical Desktop Central vulnerability that can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.

ManageEngine Desktop Central is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology. CVE-2020-10189 allows for deserialization of untrusted data and allows unauthenticated, remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central and achieve SYSTEM/root privileges.

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer - if they use the desktop client paired with the iPhone app. The security bug was fixed in January by Facebook in WhatsApp Desktop version 0.3.9309 and later.

The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who said he found multiple issues in WhatsApp Desktop, starting with an open redirect into persistent XSS and Content Security Policy bypass, and then a "Cross platforms read from the local file system." One of the main issues Weizman identified was that an attacker could modify WhatsApp reply messages to include quotes of messages the recipient never sent.

This release adds application load testing to its continuous desktop and application testing platform. Login VSI increases the breadth of its change management testing capabilities by adding application load testing.