03 Jun 2019

Microsoft issues second warning about patching BlueKeep as PoC code goes public

For the second time in a very short period, Microsoft has issued a warning urging organizations to install a security patch for the highly critical BlueKeep security flaw that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The vulnerability, tracked as CVE-2019-0708, could be used by threat

30 May 2019

Russia’s Would-Be Windows Replacement Gets a Security Upgrade

Earlier this week, we reported that China is developing a custom operating system (OS) for military computers in order to replace the Windows systems currently in use. It now seems that Russia is pursuing a similar strategy, since the Kremlin recently gave the domestically developed Astra Linux operating system the

29 May 2019

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol

28 May 2019

Siemens Medical Products Affected by Wormable Windows Flaw

A Siemens investigation found that the recently discovered critical Windows security flaw known as BlueKeep impacts various medical devices produced by Siemens Healthineers, a Siemens division. The vulnerability, tracked as CVE-2019-0708, impacts RDP implementations on Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and other older Windows operating

27 May 2019

Intense scanning activity detected for BlueKeep RDP flaw

Threat actors are actively scanning the web looking for Remote Desktop Protocol (RDP) services that are affected by the highly critical BlueKeep security flaw. The vulnerability, tracked as CVE-2019-0708, impacts RDP implementations on Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and other older Windows operating systems. While

27 May 2019

Hackers are scanning for MySQL servers to deploy GandCrab ransomware

Sophos researchers have discovered a new ransomware campaign targeting Internet-facing MySQL servers running on Windows systems. Threat actors are actively scanning the web for MySQL databases running on Windows platforms. When they discover a MySQL server, they first verify that it is running on Windows and then try to infect

24 May 2019

Researcher publishes Windows zero-days for the third day in a row

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a

23 May 2019

Volume of Signed Malware Increases, CAs Need Better Vetting

New figures from Chronicle show that threat actors increasingly manage to abuse digital certificates in order to sign malware. As a result, operating systems can no longer reliably use such certificates to distinguish legitimate software from malicious programs. The study, which looked only at highly malicious programs targeting Windows operating

23 May 2019

Two More Zero-Day Vulnerabilities Released for Windows

Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult

22 May 2019

New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively
