Security News
A new report by cyber threat intelligence provider Check Point illustrates a specific type of attack known as Reverse RDP. In a blog post published Thursday, Check Point explained how a Reverse RDP attack works. At Black Hat 2019, Check Point researchers revealed the Reverse RDP vulnerability, proving that a malware-infected remote computer could take over any client PC that connects to it.
Remember the Reverse RDP Attack-wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.
According to Kaspersky, the number of brute-force RDP attacks has rocketed all around the world. At the beginning of March, the security company was observing in the low hundreds of thousands of RDP attempts per country, per day, but the volume grew to nearly 1 million attacks per day toward the end of the month, in some countries.
Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol, a popular and common means for remotely managing a computer over a network connection. The number of devices exposing RDP to the internet on standard ports has grown by 41.5 percent over the past month.
A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports. Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol connection exposed to the Internet. "From add-ons for stealing OpenSSH and OpenVPN sensitive data, to modules that perform SIM-swapping attacks to take control of a user's telephone number, and even disabling Windows built-in security mechanisms before downloading its main modules, TrickBot is a jack-of-all-trades."
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol connection exposed to the Internet. "From add-ons for stealing OpenSSH and OpenVPN sensitive data, to modules that perform SIM-swapping attacks to take control of a user's telephone number, and even disabling Windows built-in security mechanisms before downloading its main modules, TrickBot is a jack-of-all-trades."
Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The proportion of Windows devices connected to a network that are vulnerable is far higher, at 45%, it adds.
The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as 'critical' and 87 'important'. The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.