Daily NCSC-FI news followup 2019-06-18

Microsoft Operating Systems BlueKeep Vulnerability

www.us-cert.gov/ncas/alerts/AA19-168A BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.

Russian Hacks on U.S. Voting System Wider Than Previously Known

www.bloomberg.com/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

THE HIGHLY DANGEROUS ‘TRITON’ HACKERS HAVE PROBED THE US GRID

www.wired.com/story/triton-hackers-scan-us-power-grid/ Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks. Scanning alone hardly represents a serious threat. But these hackers, known as Xenotime, or sometimes as the Triton ac

Microsoft Management Console Bugs Allow Windows Takeover

threatpost.com/microsoft-management-console-bugs/145791/ A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.

GoldBrute: the botnet searching for RDP connections

www.pandasecurity.com/mediacenter/malware/goldbrute-botnet-rdp/ This new threat is GoldBrute, a botnet that is currently scanning the Internet, actively searching for Windows machines with the Remote Desktop Protocol (RDP) connection enabled. The researchers have discovered that the malware has compiled a list of 1.5 million unique systems with RDP enabled.

Threat Actors Use Older Cobalt Strike Versions to Blend In

www.bleepingcomputer.com/news/security/threat-actors-use-older-cobalt-strike-versions-to-blend-in/ Plenty of outdated Cobalt Strike servers exist in the wild, helping cybercriminals or giving security professionals the upper hand when testing corporate defenses; and they can be easily identified to stifle intrusions of any purpose.
