Daily NCSC-FI news followup 2019-11-03

BlueKeep attacks are happening, but it’s not a worm

www.zdnet.com/article/bluekeep-attacks-are-happening-but-its-not-a-worm/ Hackers are using BlueKeep to break into Windows systems and install a cryptocurrency miner. Security researchers have spotted the first mass-hacking campaign using the BlueKeep exploit; however, the exploit is not being used as a self-spreading worm, as Microsoft feared it would be last May when it issued a dire warning and urged users to patch. Instead, a hacker group has been using a demo BlueKeep exploit released by the Metasploit team back in September to hack into unpatched Windows systems and install a cryptocurrency miner. This BlueKeep campaign has been happening at scale for almost two weeks, but it was only spotted today by cybersecurity expert Kevin Beaumont. The British security expert said he found the exploits in logs recorded by honeypots he set up months before and forgot about. The first attacks date back to October 23, Beaumont told ZDNet. Beaumont’s discovery was confirmed by Marcus “MalwareTech” Hutchins, the security researcher who stopped the WannaCry ransomware outbreak and who is a recognized expert in the BlueKeep exploit. The attacks discovered by Beaumont are nowhere near the scale of the attacks Microsoft was afraid of back in May, when it likened BlueKeep to EternalBlue, the exploit at the heart of the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks of 2017. Read also:

www.wired.com/story/bluekeep-hacking-cryptocurrency-mining/,

thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html and

www.bleepingcomputer.com/news/security/windows-bluekeep-rdp-attacks-are-here-infecting-with-miners/

Why Adding Client-Side Scanning Breaks End-To-End Encryption

www.eff.org/deeplinks/2019/11/why-adding-client-side-scanning-breaks-end-end-encryption Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). Sometimes called “endpoint filtering” or “local processing,” this privacy-invasive proposal works like this: every time you send a message, software that comes with your messaging app first checks it against a database of “hashes,” or unique digital fingerprints, usually of images or videos. If it finds a match, it may refuse to send your message, notify the recipient, or even forward it to a third party, possibly without your knowledge. On their face, proposals to do client-side scanning seem to give us the best of all worlds: they preserve encryption, while also combating the spread of illegal and morally objectionable content. But unfortunately it’s not that simple. While it may technically maintain some properties of end-to-end encryption, client-side scanning would render the user privacy and security guarantees of encryption hollow. Most important, it’s impossible to build a client-side scanning system that can only be used for CEI. As a consequence, even a well-intentioned effort to build such a system will break key promises of the messenger’s encryption itself and open the door to broader abuses. This post is a technical deep dive into why that is.
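The mechanism the EFF post describes (hash check on the sender's device before encryption, then refuse, notify or report on a match) is small enough to model end to end. The toy messenger below is an added example written for this digest, not code from EFF or from any real messaging app; the hash list, the sample content, the "third party" report sink and the stream cipher are all constructed stand-ins (the cipher is a SHA-256 counter keystream used only to model "the server cannot read this", not a real cipher, and exact SHA-256 digests stand in for the perceptual hashes a real deployment would use). It shows two things the paragraph states: the scan sees plaintext regardless of how strong the encryption is, and the client has no way to tell what category of content a digest in its list represents, so whoever controls the list decides what gets flagged.

```python
"""Toy model of client-side scanning in an end-to-end encrypted messenger (added example)."""
import hashlib
from dataclasses import dataclass, field


def fingerprint(data: bytes) -> str:
    """Exact-match digest; real systems use perceptual hashes, but the list is
    still just opaque values from the client's point of view."""
    return hashlib.sha256(data).hexdigest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256(key || counter) keystream.
    Illustration only; it models 'unreadable without the key', nothing more."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Report:
    sender: str
    digest: str


@dataclass
class ScannerClient:
    """Sender-side app with the hash list shipped inside it.  'reports' is the
    constructed third-party channel the post warns about."""
    user: str
    hash_list: set
    reports: list = field(default_factory=list)

    def send(self, plaintext: bytes, key: bytes, policy: str = "refuse"):
        """Scan happens on plaintext BEFORE encryption.  Returns ciphertext,
        or None when policy is 'refuse' and the message matched the list."""
        digest = fingerprint(plaintext)
        if digest in self.hash_list:
            self.reports.append(Report(self.user, digest))  # third party learns sender + hash
            if policy == "refuse":
                return None
        return keystream_xor(key, plaintext)


def demo() -> dict:
    """Walk through the scenario and return observable outcomes (constructed data)."""
    banned_image = b"\x89PNG constructed sample standing in for a listed image"
    leaflet = b"Meet at the town square on Sunday at noon"   # ordinary lawful speech
    key = b"constructed-demo-key-not-for-real-use"

    hash_list = {fingerprint(banned_image)}
    alice = ScannerClient("alice", hash_list)

    blocked = alice.send(banned_image, key)          # match -> refused, reported
    ciphertext = alice.send(leaflet, key)            # no match -> encrypted and sent

    # The scanner is content-agnostic: adding any digest flags that content
    # identically.  The client cannot verify what the new entry 'is for'.
    hash_list.add(fingerprint(leaflet))
    flagged_later = alice.send(leaflet, key, policy="report")

    return {
        "banned_blocked": blocked is None,
        "server_can_read_leaflet": ciphertext == leaflet,
        "recipient_can_read_leaflet": keystream_xor(key, ciphertext) == leaflet,
        "reports": [(r.sender, r.digest) for r in alice.reports],
        "leaflet_reported_after_list_change": alice.reports[-1].digest == fingerprint(leaflet),
        "leaflet_still_delivered_under_report_policy": flagged_later is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from running it: the server never sees the leaflet in clear, yet the report channel still records that alice sent a listed item, both before and after the list was extended to cover lawful text. Encryption strength had nothing to do with either outcome; the scanner's trust boundary is the list, not the cipher.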

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

thehackernews.com/2019/11/rConfig-network-vulnerability.html If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers and connected network devices. See also:

shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/

