Security News

Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers. Last month, Diaconu consented to be extradited to the United States for wire fraud, money laundering, computer fraud, and access device fraud.

Ransomware threat actors are spending less time on compromised networks before security solutions sound the alarm. In the first half of the year the hackers' median dwell time dropped to five days from nine in 2022.

In the intervening decades, RDP has become a widely used protocol for remote access and administration of Windows-based systems. The downside of RDP's widespread use is that a Remote Code Execution vulnerability in an RDP gateway can have severe consequences, potentially leading to significant damage and compromising the security and integrity of the affected system.

Hackers swarm to RDP. An experiment using high-interaction honeypots with an RDP connection accessible from the public web shows how relentless attackers are and that they operate within a daily schedule very much like working office hours. The attack count for the entire year reached 13 million login attempts.

Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Password Protection Service, which now includes over 3 billion unique compromised passwords.

Microsoft is now taking steps to prevent Remote Desktop Protocol brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute-force password vectors," David Weston, Microsoft's vice president for OS security and enterprise, said in a series of tweets last week.

Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks. The issue of macros has become a particularly gnarly one for the software giant.

"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollout of the default blocking of VBA macros obtained from the internet. Brute-forced RDP access and malicious macros have for a long time been two of the most popular tactics used by threat actors to gain unauthorized access to Windows systems.

Recent Windows 11 builds come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts after 10 failed sign-in attempts for 10 minutes. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston, Microsoft's VP for Enterprise and OS Security, tweeted Thursday.

Redmond published three cumulative updates as part of its scheduled June 2022 monthly "C" updates to allow customers to test upcoming fixes: KB5014668, KB5014665, and KB5014669. As the company revealed on Thursday in updates to known issue entries in the Windows health dashboard [1, 2, 3], the updates also address connectivity issues when using Wi-Fi hotspots after installing Windows updates released as part of the June 2022 Patch Tuesday.