Lucene search
K

19 matches found

OSV
OSV
added 2025/05/22 3:16 p.m.5 views

CVE-2025-5024

A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer bei...

7.4CVSS7AI score0.00822EPSS
Exploits0References13
CISA
CISA
added 2024/10/31 12:0 p.m.15 views

Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...

7.7AI score
Exploits0References5
Qualys Blog
Qualys Blog
added 2023/11/23 9:53 a.m.28 views

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol RDP connections. Strongly believe...

7.7AI score
Exploits0
OpenVAS
OpenVAS
added 2023/10/09 12:0 a.m.5 views

Debian: Security Advisory (DLA-3608-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2023/10/09 12:0 a.m.7 views

Debian: Security Advisory (DLA-3607-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
Veracode
Veracode
added 2023/08/06 4:13 p.m.28 views

Remote Code Execution (RCE)

virtualbox is vulnerable to Remote Code Execution RCE. This vulnerability occurs due to a flaw in the way that Oracle VM VirtualBox handles RDP connections. An attacker can exploit this vulnerability to execute arbitrary code on the victim's system...

8.1CVSS8AI score0.0102EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2023/06/20 11:55 a.m.38 views

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer. "The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Vict...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/30 3:56 p.m.50 views

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2019/07/24 6:9 p.m.108 views

A deep dive into Phobos ransomware

Phobos ransomware appeared at the beginning of 2019. It has been noted that this new strain of ransomware is strongly based on the previously known family: Dharma a.k.a. CrySis, and probably distributed by the same group as Dharma. While attribution is by no means conclusive, you can read more...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/07 5:15 p.m.490 views

Forget BlueKeep: Beware the GoldBrute

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...

10CVSS0.99999EPSS
Exploits123References10
NVD
NVD
added 2019/03/21 4:0 p.m.19 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

7CVSS6.8AI score0.00342EPSS
Exploits0References3
Prion
Prion
added 2019/03/21 4:0 p.m.14 views

Design/Logic Flaw

DISPUTED An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a...

1.9CVSS6.7AI score0.00342EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2019/03/18 8:9 p.m.12 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

6.8AI score0.00342EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/03/18 8:9 p.m.19 views

CVE-2018-18466

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...

6.8AI score0.00342EPSS
Exploits0References3
CVE
CVE
added 2019/03/18 8:9 p.m.42 views

CVE-2018-18466

CVE-2018-18466 affects SecurEnvoy SecurAccess 9.3.502. When Debug mode is enabled and used for RDP, the emergency credentials are logged in cleartext in the DEBUG folder, exposing them to anyone with access. Root cause: logging of sensitive credentials in cleartext during debugging/debug logs; ve...

7CVSS6.8AI score0.00342EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/03/18 12:0 a.m.5 views

PT-2019-9594 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurAccess version 9.3.502 Description: An issue was discovered in SecurEnvoy SecurAccess. When put in Debug mode and used for RDP connections, the application stores emergency credentials in cleartext in the logs, which can be...

7CVSS6.7AI score0.00342EPSS
Exploits0References6
Carbon Black Blog
Carbon Black Blog
added 2018/07/10 2:25 p.m.164 views

Carbon Black TAU Threat Analysis: Recent Dharma Ransomware Highlights Attackers’ Continued Use of Open-Source Tools

In June of 2018, an organization contacted the Carbon Black Threat Analysis Unit TAU about a ransomware attack they were currently investigating. TAU team members worked with the firm investigating the incident. After the initial analysis was completed, it became apparent that this network had be...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/13 12:0 a.m.53 views

Microsoft Windows: Service: Remote Desktop Services UserMode Port Redirector

The service SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.109272";...

7.3AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/07/27 3:25 p.m.19 views

New Morto Strain Emerges With File Infection Capability

A new strain of the Morto worm has added a file infection capability in addition to its existing ability to compromise remote desktop connections, according to new research from Microsoft. Now Morto is infecting files in the default RDP file share, ‘tsclient,’ after it determines which drives it...

0.9AI score
Exploits0References3
Rows per page
Query Builder