BlueKeep Attacks seen in the wild!

Credit to Author: Sameer Patil| Date: Fri, 08 Nov 2019 09:54:04 +0000

CVE-2019-0708, popularly known as BlueKeep, is a RDP pre-authentication vulnerability which allows attacker to compromise a vulnerable system without user’s interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in a similar way as the WannaCry malware spread across the globe in 2017. Interestingly,…

Read more

Microsoft works with researchers to detect and protect against new RDP exploits

Credit to Author: Eric Avena| Date: Thu, 07 Nov 2019 21:05:30 +0000

The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.

The post Microsoft works with researchers to detect and protect against new RDP exploits appeared first on Microsoft Security.

Read more

The new CVE-2019-0708 RDP exploit attacks, explained

Credit to Author: Eric Avena| Date: Thu, 07 Nov 2019 21:05:30 +0000

The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.

The post The new CVE-2019-0708 RDP exploit attacks, explained appeared first on Microsoft Security.

Read more

Pulse VPN patched their vulnerability, but businesses are trailing behind

Credit to Author: Pieter Arntz| Date: Fri, 18 Oct 2019 16:36:36 +0000

After a vulnerability in a popular business VPN solutions was discussed at length and an easy to use exploit is availbale, organizations still fail to apply the patch. What’s up?

Categories:

Tags:

(Read more…)

The post Pulse VPN patched their vulnerability, but businesses are trailing behind appeared first on Malwarebytes Labs.

Read more

New iOS exploit checkm8 allows permanent compromise of iPhones

Credit to Author: Thomas Reed| Date: Fri, 27 Sep 2019 16:48:42 +0000

A new exploit for iOS enables attackers to gain permanent access to iPhones, iPads, Apple Watches, and more—with zero potential for patching. Learn why this is possibly the biggest security news for iOS since its inception.

Categories:

Tags:

(Read more…)

The post New iOS exploit checkm8 allows permanent compromise of iPhones appeared first on Malwarebytes Labs.

Read more

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Credit to Author: Eric Avena| Date: Wed, 07 Aug 2019 23:50:25 +0000

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.

The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security.

Read more

A new Equation Editor exploit goes commercial, as maldoc attacks using it spike

Credit to Author: Gabor Szappanos| Date: Thu, 18 Jul 2019 16:00:18 +0000

Weaponized RTF documents adopt CVE-2018-0798, another Equation Editor vulnerability<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ltjXsAajVFc” height=”1″ width=”1″ alt=””/>

Read more

CVE-2019-0888: Use-After-Free in Windows ActiveX Data Objects (ADO)

Credit to Author: SophosLabs Offensive Security| Date: Tue, 09 Jul 2019 14:00:58 +0000

Details of the vulnerability we reported to Microsoft and was fixed in last month’s Patch Tuesday<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/-BE2g_tELic” height=”1″ width=”1″ alt=””/>

Read more