CyberNews Briefs

US company selling weaponized BlueKeep exploit

Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23.

BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak. While Microsoft released a patch for the flaw on May 14, a recent Internet scan by BitSight found 805,665 systems that were still vulnerable.

CANVAS v7.23 is the first hacking tool that comes with a BlueKeep exploit capable of remote code execution on vulnerable systems. Since CANVAS licenses cost thousands of dollars, the audience is still limited.

Read more: US company selling weaponized BlueKeep exploit

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.