Security News

New RDStealer malware steals from drives shared over Remote Desktop
2023-06-20 13:00

A cyberespionage and hacking campaign tracked as 'RedClouds' uses the custom 'RDStealer' malware to automatically steal data from drives shared through Remote Desktop connections. The Remote Desktop Protocol is a proprietary Microsoft protocol that allows users to remotely connect to Windows desktops and use them as if they were in front of the computer.

'Strictly limit' remote desktop – unless you like catching BianLian ransomware
2023-05-17 20:32

The FBI and friends have warned organizations to "Strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption. BianLian typically gains access to victims' Windows systems via Remote Desktop Protocol credentials - hence the advice to shore up RDP security - and then uses software tools and command-line scripting to find and steal more credentials and snoop through the network and its files.

Week in review: Fake ChatGPT desktop client steals data, Patch Tuesday forecast
2023-05-07 08:00

Apple starts delivering smaller security updatesThe security updating of iPhones, iPads and Macs has entered a new stage: Apple has, for the first time, released a Rapid Security Response to owners of the devices running the latest versions of its operating systems. Fake ChatGPT desktop client steals Chrome login dataResearchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder.

Fake ChatGPT desktop client steals Chrome login data
2023-05-02 08:37

Researchers are warning about an infostealer mimicking a ChatGPT Windows desktop client that's capable of copying saved credentials from the Google Chrome login data folder. ChatGPT has not released an official desktop client, but this bogus version looks remarkably similar to what one would expect.

3CX customers targeted via trojanized desktop app
2023-03-30 10:27

Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began warning on Wednesday. 3CX offers a Windows, macOS, Linux, Android and iOS version of the app, a Chrome extension, and the PWA version so the software can be also used via any browser.

3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way!
2023-03-30 06:31

3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers."The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls ICO files appended with Base64 data from GitHub and ultimately leads to a third-stage infostealer DLL," SentinelOne researchers said.

Hackers compromise 3CX desktop app in a supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Cybersecurity firms warn of 3CX desktop app supply chain attack
2023-03-29 22:46

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and has over 12 million daily users.

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
2023-03-09 14:54

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

Citrix fixes severe flaws in Workspace, Virtual Apps and Desktops
2023-02-15 18:38

Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products. Citrix products are widely used by organizations worldwide, so it's critical to apply the available security updates to prevent intruders from having an easy way to escalate their privileges on breached systems.