Daily NCSC-FI news followup 2019-11-03

BlueKeep attacks are happening, but it’s not a worm

www.zdnet.com/article/bluekeep-attacks-are-happening-but-its-not-a-worm/ Hackers are using BlueKeep to break into Windows systems and install a cryptocurrency miner. Security researchers have spotted the first mass-hacking campaign using the BlueKeep exploit; however, the exploit is not being used as a self-spreading worm, as Microsoft was afraid it would happen last May when it issued a dire warning and urged users to patch. Instead, a hacker group has been using a demo BlueKeep exploit released by the Metasploit team back in September to hack into unpatched Windows systems and install a cryptocurrency miner. This BlueKeep campaign has been happening at scale for almost two weeks, but it’s been only spotted today by cybersecurity expert Kevin Beaumont. The British security expert said he found the exploits in logs recorded by honeypots he set up months before and forgot about. First attacks date back to October 23, Beaumont told ZDNet. Beaumont’s discovery was confirmed by Marcus “MalwareTech” Hutchins, the security researcher who stopped the WannaCry ransomware outbreak, and who’s a recognized expert in the BlueKeep exploit. The attacks discovered by Beaumont are nowhere near the scale of the attacks Microsoft was afraid of back in May, when it likened BlueKeep to EternalBlue, the exploit at the heart of the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks of 2017. Read also:

www.wired.com/story/bluekeep-hacking-cryptocurrency-mining/,

thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html and

www.bleepingcomputer.com/news/security/windows-bluekeep-rdp-attacks-are-here-infecting-with-miners/

Why Adding Client-Side Scanning Breaks End-To-End Encryption

www.eff.org/deeplinks/2019/11/why-adding-client-side-scanning-breaks-end-end-encryption Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990’s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). Sometimes called “endpoint filtering” or “local processing, ” this privacy-invasive proposal works like this: every time you send a message, software that comes with your messaging app first checks it against a database of “hashes, ” or unique digital fingerprints, usually of images or videos. If it finds a match, it may refuse to send your message, notify the recipient, or even forward it to a third party, possibly without your knowledge. On their face, proposals to do client-side scanning seem to give us the best of all worlds: they preserve encryption, while also combating the spread of illegal and morally objectionable content. But unfortunately it’s not that simple. While it may technically maintain some properties of end-to-end encryption, client-side scanning would render the user privacy and security guarantees of encryption hollow. Most important, it’s impossible to build a client-side scanning system that can only be used for CEI. As a consequence, even a well-intentioned effort to build such a system will break key promises of the messenger’s encryption itself and open the door to broader abuses. This post is a technical deep dive into why that is.

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

thehackernews.com/2019/11/rConfig-network-vulnerability.html If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers, and connected network devices. See also:

shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.