18 matches found
-=TWELVE=- is back
In the spring of 2024, posts with real people's personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that...
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest formerly DEV-083...
Fedora 39 : xrdp (2023-5134642a68)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5134642a68 advisory. Release notes for xrdp v0.9.23 2023/08/31 General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release,...
Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware. AhnLab Security Emergency Response Center ASEC, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on...
Warning issued over Royal ransomware
As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines wi...
Fedora: Security Advisory for freerdp (FEDORA-2022-fd6e43dec8)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-23483
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol RDP. xrdp v0.9.21 contain a Out of Bound Read in libxrdpsendtochannel function. There are no known workarounds for this issue. Users are advised to upgrade...
Germ-term, but all year. How criminals are hacking schools
In some schools, the autumn term is often called “germ-term” due to the number of bugs the children bring back after the summer holidays. It usually calms down after a few weeks, however, with hacking there is no slow down. Its all year, its relentless. In the last 10 months of this year schools...
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
Cybercriminals are vying for Remote Desktop Protocol RDP access, stolen payment cards and DDoS-for-Hire services, based on a recent analysis of underground marketplace pricing. During the COVID-19 pandemic, cybercriminals have profited with “increasingly advantageous positions to benefit from the...
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
A Monero cryptocurrency-mining campaign has emerged that exploits a known vulnerability in public-facing web applications built on the ASP.NET open-source web framework. The campaign has been dubbed Blue Mockingbird by the analysts at Red Canary that discovered the activity. Research uncovered th...
Session fixation
The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...
Citadel Variant Opens Backdoor After Malware is Removed
When hackers have compromised a valuable computer, maintaining persistence on that machine is the key to maintaining access to its resources and stored assets. A new variant of the Citadel banking malware has been discovered that comes with a feature that allows the attacker to leverage remote...
Oracle Linux 3 : rdesktop (ELSA-2008-0576)
From Red Hat Security Advisory 2008:0576 : Updated rdesktop packages that fix a security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. rdesktop is an open source client for Microsoft...
[SECURITY] Fedora 9 Update: rdesktop-1.6.0-1.fc9
rdesktop is an open source client for Windows NT Terminal Server and Windows 2000 & 2003 Terminal Services, capable of natively speaking Remote Desktop Protocol RDP in order to present the user's NT desktop. Unlike Citrix ICA, no server extensions are required...
Integer overflow
Integer underflow in the isorecvmsg function iso.c in rdesktop 1.5.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Remote Desktop Protocol RDP request with a small length field...
Design/Logic Flaw
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop...
CVE-2001-0540
CVE-2001-0540: Memory leak in Windows NT/2000 Terminal Server processing of malformed RDP requests to port 3389 leads to memory exhaustion and DoS. Affected: Windows NT/2000 Terminal Services. Root cause: memory handling during RDP request processing. Remediation: Microsoft Security Bulletin MS01...