Security News

Zoho has addressed a new critical severity vulnerability that affects the company's Desktop Central and Desktop Central MSP unified endpoint management solutions. ManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.

Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues. Affected platforms include Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. The updates that address this issue are not available from Windows Update and will not install automatically on affected systems.

Recently released Dell BIOS updates are reportedly causing serious boot problems on multiple laptops and desktop models. Impacted models include Dell Latitude laptops, as well as Dell Inspiron 5680 and Alienware Aurora R8 desktops.

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network. The vulnerabilities affect both the cloud services and their end users.

The North Korea-linked ScarCruft advanced persistent threat group has developed a fresh, multiplatform malware family for attacking North Korean defectors, journalists and government organizations involved in Korean Peninsula affairs. ScarCruft specifically controls the malware using a PHP script on a compromised web server, directing the binaries based on HTTP parameters.

Across the country businesses and public agencies alike are holding virtual job fairs and summits and talking about the effects of the virtual workforce. One solution to this hurdle is the virtual desktop, such as Microsoft's Azure Virtual Desktop, which can be an easy way to deploy and manage desktop and application virtualization via a service running in the cloud.

Microsoft has fixed a known Windows 10 issue causing smartcard authentication to fail when trying to connect using Remote Desktop after installing the cumulative updates released during last month's Patch Tuesday. Microsoft has already rolled out a fix to address this issue via the Known Issue Rollback feature to affected Windows 10 devices.

The latest version of the world's most popular Linux distribution, Ubuntu 21.10, codenamed 'Impish Indy', has landed on Canonical's download channels. The 'Server' edition of Ubuntu 21.10 comes with 'needrestart' enabled by default, includes certified NVIDIA GPU drivers, and offers a 'minimal' installation option to accommodate IoT or container installations.

Microsoft has fixed a bug blocking some Azure Virtual Desktop devices from downloading and installing monthly security via Windows Server Update Services since early July. Microsoft also provides two workarounds that allow customers to apply monthly security updates on Azure Virtual Desktop systems using WSUS if they can't immediately deploy the KB5005565 CU that fixes the known issue.

Security specialist ESET's latest Threat Report warns of a massive increase in attacks on Remote Desktop Protocol endpoints - and new activity from the Nobelium gang against European government organisations. ESET's figures show attacks on RDP servers having gone up 103.9 per cent since its T1 report in June - it publishes three a year - representing a total of 55 billion detected brute-force attacks, thanks in no small part to a campaign focused on Spanish targets.