
Remote Desktop Protocol Has Plenty of Code-Execution Flaws
Remote Desktop Protocol has plenty of code-execution flaws in both open-source RDP and Microsoft’s RDP client. This makes it possible for a malicious hacker to infect a client computer and then intrude into the IT network as a whole.
What Is RDP?
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists.
So What Is The Issue?
According to Check Point research released on Tuesday at a Las Vegas event, open-source and Microsoft …

Why You Need Security Education and Awareness Training.
One of the greatest threats to information security could actually come from within your company or organization. Inside ‘attacks’ have been noted to be some of the most dangerous. It is not always disgruntled workers who are a threat. Often, it is the non-malicious, uninformed employees.
1. It is the first line of defense against security risks
You cannot protect yourself against something whose existence you are oblivious to. So, you must be really aware of threats to both physical and information security. This is the only way you can prevent them. And you cannot achieve this except with security awareness education.
2. You will be complying with regulatory requirements
The number of laws that require employees of organizations to undergo certain forms of security awareness training is now on the increase. And if this law isn’t presently binding on your business or employer, chances are high that the …

New SpeakUp Backdoor Infects Linux and MacOS
A new malware campaign has been found that delivers a new backdoor Trojan called SpeakUp. It targets Linux servers and macOS by exploiting vulnerabilities in their systems.
Check Point researchers stated that the malware campaign attacks Linux servers from all over the world using the CVE-2018-20062 ThinkPHP remote code execution vulnerability as an initial infection vector.
To upload a “PHP shell that serves and executes a Perl backdoor” on vulnerable Linux machines, it will employ command injection techniques to send shell commands via a GET request’s “module” parameter:
s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo ^>index.php
The Trojan then injects a backdoor by pulling the ibus Perl script payload and storing it in /tmp/e3ac24a0bcddfacd010a6c10f4a814bc, which is immediately launched by a follow-up malicious HTTP request designed to execute the Perl-based backdoor, pause for a couple of seconds and delete the file to remove any indication that something is wrong.
The malware …

The Decorating Website Houzz Was Breached
The decorating website Houzz stated that account usernames and passwords have been compromised by an unknown source. They also mentioned that if users logged into Houzz using Facebook, their public Facebook ID was exposed as well.
Houzz quickly sent emails to their user base to urge them to change their passwords.
“Houzz recently learned that a file containing some of our user data was obtained by an unauthorized third party,” the company stated on its website. “The security of user data is our priority. We immediately launched an investigation and engaged with a leading forensics firm to assist in our investigation, containment and remediation efforts. We have also notified law enforcement authorities.”
When did they find out about this incident?
“We learned about the incident in late December 2018 and immediately engaged with a leading forensics firm to assist in our investigation, containment, and remediation efforts.”

Keep Winning With Malwarebytes
Who is Malwarebytes and what do they do? Well, Malwarebytes makes security software that is renowned for its malware removal capability. The software is also known for its user-friendly interface and its ability to work alongside classic antivirus products without interfering with their activity.
What is Malwarebytes good at?
- Being a second layer of defense against malware and ransomware.
- Playing nicely with other antivirus products.
- Keeping you well protected regardless of the browser you prefer using.
Malwarebytes for Windows Premium vs. Free

Malwarebytes is offered in two versions: a Premium version and a Free version. The Free version can detect and remove malware, spyware and rootkits from your machine. The Premium version does the same things, but has a few other features:
- Real-time protection
- Anti-exploit
- Anti-ransomware
- Malicious website protection
Pros and cons
Here are some pros about the Premium version of Malwarebytes for Windows:
- It includes anti-exploit features that some traditional antivirus products do not, and which can protect

Say Goodbye Google+
On January 30th, 2019, Google announced that they will be shutting down Google+ on April 2, 2019.
In December 2018, we announced our decision to shut down Google+ for consumers in April 2019 due to low usage and challenges involved in maintaining a successful product that meets consumers’ expectations. We want to thank you for being part of Google+ and provide next steps, including how to download your photos and other content.
On April 2nd, your Google+ account and any Google+ pages you created will be shut down and we will begin deleting content from consumer Google+ accounts. Photos and videos from Google+ in your Album Archive and your Google+ pages will also be deleted. You can download and save your content, just make sure to do so before April. Note that photos and videos backed up in Google Photos will not be deleted.
The

Airbus suffered a data breach.
Aerospace giant Airbus has become the latest victim of hackers; they said the company suffered a cyber attack that led to a massive data breach which released billions of records onto the Dark Web.
“Airbus SE detected a cyber incident on Airbus ‘Commercial Aircraft business’ information systems, which resulted in unauthorized access to data,” the company says in a statement issued on Wednesday. “There is no impact on Airbus’ commercial operations.”
A review of the leaked records called “Collections #2-5” shows that they contain a massive 2.2 billion stolen account records, which is many millions of accounts shorter than the Collections #1 dump.
“2.2 billion records is a staggering number,” said Frederik Mennes, senior manager of Market & Security Strategy, Security Competence Center at OneSpan, via email. “Companies should remember that easy targets will continue to be exploited first, because cybercrime follows the path of least resistance. Applying multi-factor authentication may stop an

Is Microsoft OneDrive HIPAA Compliant?
Are you looking to find out if OneDrive is a HIPAA compliant cloud storage solution? We reviewed the Microsoft Trust Center and found a page called HIPAA and the HITECH Act.
Within the document Microsoft states the following:
“Currently there is no official certification for HIPAA or HITECH Act compliance. However, those Microsoft services covered under the BAA have undergone audits conducted by accredited independent auditors for the Microsoft ISO/IEC 27001 certification.”
Since Microsoft OneDrive is bundled into Office 365, we decided to look for a PDF document for Office 365 and found the Office 365 Compliance Framework for Industry Standards and Regulations. This PDF document offers deeper insight into OneDrive and its capabilities for HIPAA compliance. It specifically states that OneDrive for Business can be HIPAA compliant while OneDrive consumer cloud storage is not HIPAA compliant.
So Is Microsoft OneDrive A HIPAA Compliant Service?
The …

What is the Tor Browser and should you use it?
The Tor Browser has been around for some time, but should you use it now? You do get the anonymity: Tor’s primary benefit is that it encrypts your traffic and bounces it through a chain of computers, making it very difficult for anyone to track where you came from. But is this software worth your psyche?
I just want to mention that at least they have a positive vision. “At the end of the day for Tor what we hope is that our technology becomes underlying, and everything else that happens online happens on top of it,” says Isabela Bagueros, executive director of the Tor Project. “Seeing interest and adoption from for-profit companies and other organizations is a very interesting moment for us, because we are creating different examples to show how our vision can be possible.”
If you have more questions about Tor, visit the Tor FAQ.
However …

Firefox 65 improved its online privacy
Mozilla has announced that the latest version, Firefox 65, comes with better online privacy controls that make it easier for you to manage what kind of information you share while you browse the internet.