Exploit for Use After Free in Microsoft

This is a PoC exploit for CVE-2019-0708, also known as the "BlueKeep" vulnerability. The vulnerability is in the Remote Desktop Protocol RDP service, which is a remote access protocol used by Windows systems. The exploit is designed to scan for vulnerable systems and exploit the vulnerability to...

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the...

Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The...

Exploit for Use After Free in Microsoft

微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

cve_2019_0708_bluekeep_rce

bluekeep exploit...

Exploit for Use After Free in Microsoft

CVE-2019-0708 BlueKeep pre-auth RCE POC on Windows7 !Ricer...

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...

How to Use VMware Carbon Black’s Real-Time Endpoint Query to Identify BlueKeep Vulnerability Risk

Recently, security researchers revealed a Proof of Concept attack that leverages the BlueKeep vulnerability. Whenever this type of news breaks on the twittersphere, organizations are left with the question: "Are we susceptible to this type of attack?" Using CB LiveOps, a real-time endpoint query...

Biggest Malware Threats of 2019

One out of five computer users were subject to at least one malware-class web attack in 2019. This past year cities such as New Orleans were under ransomware siege by the likes of malware Ryuk. Zero-day vulnerabilities were also in no short supply with targets such as Google Chrome and Operation...

Exploit for Improper Input Validation in Microsoft

CVE-2019-0708 批量检测 0x01 前言 CVE-2019-0708 Windows RDP 远程命令执行漏洞 Windows系列服务器于2019年5月15号，被爆出高危漏洞，该漏洞影响范围较广，windows2003、windows2008、windows2008 R2、windows xp 系统都会遭到攻击，该服务器漏洞利用方式是通过远程桌面端口3389，RDP协议进行攻击的...

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for ...

Threat Source newsletter (Sept. 5, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. By now, nearly everyone has heard of BlueKeep. It definitely sounds scary, with of this talk of wormable bugs and WannaCry. But so far, ...

Protect against BlueKeep

Worms are the cause of many cyber headaches. They can easily replicate themselves to spread malicious malware to other computers in your network. As the field responders providing Microsoft enterprise customers with onsite assistance to serious cybersecurity threats, our Detection and Response Te...

Fearing WannaCry-Level Danger, Enterprises Wrestle with BlueKeep

The nightmare vision of a “mega-worm” global BlueKeep infection could be closer to becoming reality as working exploits are now becoming available to the public, and there’s evidence that adversaries are actively scanning for the vulnerability. Researchers weighed in with Threatpost about how...

Wormable BlueKeep Bug Still Threatens Legions of Windows Systems

For the past two months, security researchers have been sounding the alarm about BlueKeep, a critical remote code-execution vulnerability in Microsoft Windows that researchers said could lead to a “mega-worm” global infection. As of July 2, approximately 805,665 systems remain online that are...

Rdpscan - A Quick Scanner For The CVE-2019-0708 "BlueKeep" Vulnerability

This is a quick-and-dirty scanner for the CVE-2019-0708 vulnerability in Microsoft Remote Desktop. Right now, there are about 900,000 machines on the public Internet vulnerable to this vulnerability, so many are to expect a worm soon like WannaCry and notPetya. Therefore, scan your networks and...

Working BlueKeep Exploit Developed by DHS

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...

A week in security (June 3 – 9)

Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down...

Forget BlueKeep: Beware the GoldBrute

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...

News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety

This week, the focus was on Infosecurity Europe, which took place in London and showcased a myriad of sessions, threat research and trends in the cybersecurity space. During the Threatpost news wrap for the week ended June 7, the team breaks down the top news from the show, as well as other...