Security News

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.

RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET's latest Threat Report has revealed. RDP brute-force attacks escalated throughout all of 2020 and 2021, and the last four months of 2021 brought a further acceleration, with an increase of 274%. But while the intensity of these attacks is growing, detections by the company's solutions show that the number of targets has been gradually shrinking - "Although it doesn't seem like the rampage is about to end any time soon."

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance. A recently discovered vulnerability in Microsoft's remote desktop protocol goes back to Windows Server 2012 R2 and lets anyone who can connect to an RDP session gain near total control over other RDP users, launching a man-in-the-middle attack.

The bug dates back at least to Windows Server 2012 R2, CyberArk software architect and security champion Gabriel Sztejnworcel wrote, leading the firm to conclude that the latest versions of Windows - including client and server editions - are affected. Sztejnworcel's writeup goes into great detail about how the attack works, but some basics on RDP plumbing include the fact that RDP splits a single connection into multiple logical connections called virtual channels for handling different types of data.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

90% of security leaders view bot management as a top priorityHUMAN published a research into security leaders' perceptions of and responses to sophisticated bot attacks. May 2021 Patch Tuesday: Adobe fixes exploited Reader 0-day, Microsoft patches 55 holesAdobe has fixed a Reader flaw exploited in attacks in the wild, as well as delivered security updates for eleven other products, including Magento, Adobe InDesign, Adobe After Effects, Adobe Creative Cloud Desktop Application, and others.

Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. RDP needs to be well protected, and direct access should never be provided to an RDP server.

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. Due to its prevalent use in corporate networks, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.

VanDyke Software announced the official releases of SecureCRT 9.0 and SecureFX 9.0. Built-in RDP support in secureCRT 9.0 for Windows.

February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-daysAdobe has fixed a Reader flaw used in limited attacks, as well as delivered security updates for a variety of products, including Acrobat and Reader, Dreamweaver, and Magento. In the wake of the COVID-19 pandemic, security has become a top priority for nearly all organizations.