Security News
A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports. Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.
The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.
A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol connection exposed to the Internet. "From add-ons for stealing OpenSSH and OpenVPN sensitive data, to modules that perform SIM-swapping attacks to take control of a user's telephone number, and even disabling Windows built-in security mechanisms before downloading its main modules, TrickBot is a jack-of-all-trades."
Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The proportion of Windows devices connected to a network that are vulnerable is far higher, at 45%, it adds.
The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as 'critical' and 87 'important'. The first indication of the IE zero-day, now identified as CVE-2020-0674, appeared when Mozilla fixed a very similar issue in Firefox on 8 January, less than two days after the appearance of version 72.
Xton Technologies, a provider of privileged access management solutions, announced that Xton Access Manager now includes advanced proxy support for RDP, SSH and web proxies allowing customers to create secure, high trust remote sessions with full session recording and keystroke monitoring using native desktop or mobile applications. "Unique to XTAM is our ability to securely lock credentials on the server-side without ever releasing them to the client computer even in an encrypted form. This provides administrators with secure and efficient access to the systems they need to do their jobs while satisfying audit and senior management requirements for just in time secure access and controls."
Amid Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild and its severity level is listed as "Important," a step below the critical remote code execution bugs in RDP, .NET and Internet Explorer. The American spying agency wants everyone to know - to the point of even holding a press conference about CVE-2020-0601 - that it privately found and reported this diabolical cert flaw to Microsoft, and that it is a totally friendly mass-surveillance system that has turned a new leaf, wants to be on the good side of infosec researchers, and cares about your ongoing ability to verify the origin and integrity of executable files and network connections.
BlueKeep isn't the only bug in town, plenty to go round. VNC remote desktop software has no shortage of potentially serious memory-corruption vulnerabilities, you'll no doubt be shocked to hear.…
But RDP Attack Overuse Leads Other Hackers Back to Botnets, Researchers Find. Many ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. But some Sodinokibi...