Security News

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

90% of security leaders view bot management as a top priorityHUMAN published a research into security leaders' perceptions of and responses to sophisticated bot attacks. May 2021 Patch Tuesday: Adobe fixes exploited Reader 0-day, Microsoft patches 55 holesAdobe has fixed a Reader flaw exploited in attacks in the wild, as well as delivered security updates for eleven other products, including Magento, Adobe InDesign, Adobe After Effects, Adobe Creative Cloud Desktop Application, and others.

Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. RDP needs to be well protected, and direct access should never be provided to an RDP server.

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. Due to its prevalent use in corporate networks, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.

VanDyke Software announced the official releases of SecureCRT 9.0 and SecureFX 9.0. Built-in RDP support in secureCRT 9.0 for Windows.

February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-daysAdobe has fixed a Reader flaw used in limited attacks, as well as delivered security updates for a variety of products, including Acrobat and Reader, Dreamweaver, and Magento. In the wake of the COVID-19 pandemic, security has become a top priority for nearly all organizations.

The COVID-19 pandemic continued to influence the cybercrime landscape in 2020, ESET reveals. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol attacks, albeit at a slower rate compared to previous quarters.

Netscout so far has identified more than 14,000 "Abusable" Windows RDP servers that can be misused by attackers in DDoS attacks-troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic. What's more, while initially only advanced attackers with access to "Bespoke DDoS attack infrastructure" used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called "Booters," they said.

Windows admins can configure RDP to run on TCP port 3389 or UDP port 3389, and if the latter is enabled, the system can be abused to launch DDoS attacks that have an amplification ratio of 85.9:1. The company has reported seeing roughly 14,000 unprotected RDP servers that can be abused for such attacks.

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.