Archive for the ‘Microsoft’ Category


A highly recommended skim from BleepingComputer:
The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes.

The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP).

Attacks are not wormable

Security researcher Kevin Beaumont noticed on Saturday that multiple honeypots in his EternalPot RDP honeypot network started to crash and reboot. They’ve been active for almost half a year and this is the first time they came down. For some reason, the machines in Australia did not crash, the researcher noted in a tweet.

First details about BlueKeep being the cause of these events came from MalwareTech, who investigated the crash dumps from Beaumont’s machines. He said that he “found BlueKeep artifacts in memory and shellcode to drop a Monero Miner.”

According to early analysis from MalwareTech, an initial payload runs an encoded PowerShell command that downloads a second PowerShell script, also encoded. The researcher says that the final payload is a cryptocurrency miner, likely for Monero, currently detected by 25 out of 68 antivirus engines on the VirtusTotal scanning platform.

Talking to BleepingComputer, the researcher said that the malware may not be a worm but it is mass-exploiting the BlueKeep bug. This indicates that the cybercriminals are using a BlueKeep scanner to find vulnerable systems exposed on the web and drop the cryptocurrency miner on them.

In an update, MalwareTech says that analysis of the network traffic does not indicate self-propagation, meaning that the server doing the exploitation gets the target IP addresses from a predefined list.

The first public BlueKeep exploit was added to Metasploit in September but scanners for the bug have been available before that date. MalwareTech’s analysis confirmed that the same code in the Metasploit module is also present in the malware.

It is likely that whoever is behind these attacks is using public resources and did not develop a reliable, wormable threat, as proved by Beaumont’s honeypot crashes.

A combination of cryptocurrency miner and a BlueKeep scanner was reported in July in a piece of malware called Watchbog, which typically focused on vulnerable Linux servers.

At the time, cybersecurity company Intezer said that integrating the scanner module for the RDP vulnerability alongside the Linux exploits “suggests that WatchBog is preparing a list of vulnerable systems to target in the future or to sell to third party vendors for profit.”

MalwareTech told us that the indicators of compromise Intezer provided for Watchbog do not seem to match the malware currently hitting machines vulnerable to BlueKeep.

These assaults generated over 26 million events on Beaumont’s honeypot infrastructure, which makes determining the indicators of compromise a more time consuming task. However, the researcher promised to sort through them for the relevant sequence and provide the data.

Brief BlueKeep history

BlueKeep (CVE-2019-0708) is a serious vulnerability that can allow malware to spread across connected systems without user intervention. Microsoft patched it on May 14, followed by a barrage of alerts about its severity from governments and security companies, some reiterating their concern.

Exploiting this RDP flaw for remote code execution (RCE) is not easy and the most common result of this endeavor is a crash of the target system. Security researchers that created a working exploit kept the details private to delay attackers creating their version and compromise still unpatched systems.

Two private exploit modules were developed in June and July, for Metasploit and CANVAS penetration testing tools. Both were hard to get as the former was private and the latter was delivered to subscribers that paid at least $32,480.

At the enterprise level, the worldwide update rate was 83% in June. However, this statistic did not count consumer machines. This suggests that the cybercriminals are likely hitting consumer computers.

The vulnerability does not affect all versions of Windows operating system. Microsoft’s advisory lists Windows 7, Windows Server 2008 R2, and Windows Server 2008.

Update [11/03/2019]: Article updated with information from MalwareTech’s analysis of the malware on Kryptos Logic blog

 



General Information

Executive Summary

Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.

Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. Read More…



After holding Windows 8.1 discount Cheap Oakleys ray ban sunglasses sale oakley back from developers, Microsoft relented and made Windows 8.1 and Windows 8.1 Pro RTM available to IT professionals and application developers through the TechNet and MSDN network this week.

The company changed its mind based on feedback from the IT community and will make available Windows 8.1, Windows 8.1 Pro and even Windows Server 2012 R2 RTM builds to the developer and IT pro community, said Steven Guggenheimer, Microsoft’s corporate vice president and chief evangelist, in a blog post.

“We heard from you that our decision to not initially release Windows 8.1 or Windows Server 2012 R2 RTM bits was a big challenge for our developer partners as they’re readying new Windows 8.1 apps and cheap oakleys sunglasses for IT professionals who are preparing for Windows 8.1 deployments…As we refine our delivery schedules for a more rapid release cadence, we are working on the best way Wholesale NFL Jerseys to support early releases to the various audiences within our ecosystem,” he wrote.

Microsoft’s Windows RTMs are typically available to developers, but the Windows 8.1 RTM was only made available to PC manufacturers a few cheap nfl jerseys weeks ago.

What was Microsoft thinking? If you want enterprises to deploy Windows 8, you need the IT community to test the <a уже href=”http://www.cheap-jordans-shoes-stores56.com/” target=”_blank”>jordan retro 11 latest version of the operating system in their own environment. If you cheap jerseys want Windows 8.1 bug-free apps available in the Microsoft Store Cheap MLB Jerseys when the operating system hits, developers need the latest RTMs. It’s really not rocket science.

Giving IT pros and app developers the Windows 8.1 RTMs is PROVED not just ray ban outlet about creating bug-free apps. New Windows 8-based mobile devices will become available Cheap Jordans Sale throughout the fourth quarter. Do you think those devices are going to sell without apps? We all know Windows 8 mobile devices are just a fraction of the OS and Android-based app ecosystem. Microsoft Cheap Jordan Shoes needs Free all the help they can get.

Given that enterprises are not Ray Ban Outlet deploying Windows 8 in droves, Microsoft really should have considered how NFL Jerseys Cheap their Windows 8.1 RTM release strategy could affect the entire ecosystem. Holding the Windows 8.1 and Windows 8.1 Pro RTM versions from developers clearly Ray Ban Outlet wasn’t the right move.
Posted by: Diana Hwang Original article

check this link right here now


Jan 6

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a jordan retro 11 resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target.

Although a DoS attack does not usually result in the theft of information or other security loss, it can cost the target person or company a great deal of time and money. Typically, the loss of ray ban sunglasses service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. A denial of service attack can also destroy programming and files in affected computer systems. In some cases, DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.

<span Böyle style=”font-family: arial,helvetica,sans-serif”>Common forms of denial of service attacks are: Read More…