Security News

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
2023-03-09 14:54

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access
2023-03-09 05:23

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. "A buffer underwrite vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests," Fortinet said in an advisory.

Remote access policy
2023-03-08 11:00

TechRepublic Premium: Risk management policy. Summary: Risk management involves the practice of addressing and handling threats to the organization in the form of cybersecurity attacks and compromised or lost data. The process of establishing appropriate risk management guidelines is critical to ensure company operations and reputation do not suffer adverse impacts.

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
2023-03-07 07:42

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021.

Locking down the remote printer
2023-02-21 07:21

According to the Quocirca Print Security Landscape 2022 report, printer security is still some way down the worry list of most IT decision makers behind hybrid application platforms, email, public networks, and traditional endpoints. "Printer security is about understanding the threats to the network traffic, to the device itself and to the documents it prints. Every security feature you'll find in secure printers will address one of these categories of risk," he adds before going on to list a range of printer security issues.

Microsoft fixes Windows 11 issue behind Remote Desktop freezes
2023-01-27 16:42

Microsoft has addressed a known issue causing the Remote Desktop app to freeze on Windows 11 systems after installing the Windows 11 2022 Update. "After installing Windows 11, version 22H2, the Windows Remote Desktop application might stop responding when connecting via a Remote Desktop gateway or Remote Desktop Connection Broker," Redmond explains on the Windows health dashboard entry published in November.

Attackers use portable executables of remote management software to great effect
2023-01-26 11:16

Tricking users at targeted organizations into installing legitimate remote monitoring and management software has become a familiar pattern employed by financially motivated attackers. After discovering the maliciously installed software on a system at one of the FCEB agencies, CISA went searching for and found more systems compromised in the same way at other agencies.

CISA: Federal agencies hacked using legitimate remote desktop tools
2023-01-25 21:18

CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management software for malicious purposes. More worryingly, CISA used the EINSTEIN intrusion detection system to discover malicious activity within the networks of multiple federal civilian executive branch agencies after the release of a Silent Push report in mid-October 2022.

Lessons Learned from the Windows Remote Desktop Honeypot Report
2023-01-25 15:06

Over several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their honeypot system. Though the examples given here focused on RDP connections, a honeypot is not limited to that type of connection, and any remote access system, such as SSH, is subject to attacks. What should an organization do to minimize the potential damage?

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks
2023-01-18 09:28

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. X41 D-Sec security researchers Markus Vervier and Eric Sesterhenn as well as GitLab's Joern Schneeweisz have been credited with reporting the bugs.