Microsoft clamps down on RDP brute-force attacks in Windows 11
It wasn’t so long ago that we were wondering what improvements Windows 11 would make in the security stakes. Well, we haven’t had to wait too long to find out. Windows 11 build 22528.1000 and up will tackle one of the more common entry points for network intruders. Namely, trying to prevent the brute forcing…
New Cross-Platform ‘Luna’ Ransomware Only Offered to Russian Affiliates
The ransomware is fairly simple, according to Kaspersky, whose researchers analyzed the malware, but it uses an encryption scheme that’s not typically used by ransomware — a combination of X25519 and AES. Luna is developed in Rust, which makes it easy to port to different platforms, and can also help evade static analysis. “Both the…
Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability
The Follina vulnerability can and has been exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May. The first attacks leveraging Follina…
How Advances in Cloud Security Can Help with Ransomware
The ransomware scourge continues, with incidents hitting a U.S. record in the second quarter of 2021, as attackers expand into vertical industries and target critical infrastructure. Ransom demands have also been growing. According to IT Governance, the average decryption key rate from attackers is $140,000 yet many organizations end up paying much more than that….
128 vulnerabilities in Microsoft products
In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a…
Linux Systems Are Becoming Bigger Targets
When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it. Researchers from FortiGuard Labs noted…
17 Malware Frameworks Target Air-Gapped Systems for Espionage
The list was created over the course of 15 years, but the last four of the frameworks emerged last year, proof of an increased interest by threat actors to target isolated systems. Only malware components working together to create an offline, covert communication channel between air-gapped networks and a threat actor were taken into consideration…
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers. About the flaw and the exploit Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day…
NTLM relay attacks explained, and why PetitPotam is the most dangerous
Microsoft Active Directory (AD), which handles identity management, reportedly holds 90% to 95% market share among fortune 500 companies. Given such broad adoption, it is no surprise that it is so heavily targeted by malicious actors and researchers alike. Among the most cited types of attacks against AD are legacy protocols. One such protocol that…
Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes
I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now. PrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network…
