#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security Posture Management

BlueKeep RDP Vulnerability | Breaking Cybersecurity News | The Hacker News

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

Nov 03, 2019
Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed  BlueKeep , in its Windows Remote Desktop Services that could be exploited remotely to take full control over vulnerable systems just by sending specially crafted requests over RDP. BlueKeep, tracked as CVE-2019-0708 , is a wormable vulnerability because it can be weaponized by potential malware to propagate itself from one vulnerable computer to another automatically without requiring victims' interaction. BlueKeep has been considered to be such a serious threat that since its discovery, Microsoft and even government agencies [ NSA and GCHQ ] had continuously been encouraging Windows users and admins to apply security patches bef
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

Aug 13, 2019
If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ' BlueKeep ' RDP vulnerability. Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181 , CVE-2019-1182 , CVE-2019-1222 , and CVE-2019-1226 , can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction. Just like BlueKeep RDP flaw , all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically. "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RD
cyber security

Cracking the Code to Vulnerability Management

websitewiz.ioVulnerability Management / Cloud Security
Vulnerability management in the cloud is no longer just about patches and fixes. In this latest report, the Wiz Security Research team put vulnerability management theory into practice using recently identified vulnerabilities as examples. Get the FREE report
New Report: Unveiling the Threat of Malicious Browser Extensions

New Report: Unveiling the Threat of Malicious Browser Extensions

Dec 06, 2023Browser Security / Privacy
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like  DataSpii  and the  Nigelthorn  malware attack have exposed the extent of damage that malicious extensions can inflict. In both cases, users innocently installed extensions that compromised their privacy and security. The underlying issue lies in the permissions granted to extensions. These permissions, often excessive and lacking granularity, allow attackers to exploit them. What can organizations do to protect themselves from the risks of browser extensions without barring them from use altogether (an act that would be nearly impossible to enforce)?  A new report by LayerX, "Unveiling the
Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List

Jul 25, 2019
Cybersecurity researchers have discovered a new variant of WatchBog , a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw . BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote attacker to take full control over vulnerable systems just by sending specially crafted requests over RDP protocol. Though the patches for the BlueKeep vulnerability (CVE–2019-0708) was already released by Microsoft in May this year, more than 800,000 Windows machines accessible over the Internet are still vulnerable to the critical flaw. Fortunately, even after many individuals in the security community developed working remote code exploits for BlueKeep, there is no public proof-of-concept (PoC) exploit available till the date, potentially preventing opportunistic hackers from wreaking h
Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

May 28, 2019
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what WannaCry and NotPetya like wormable attacks did in 2017. Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and could spread automatically on unprotected systems. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a targeted computer just by sending specially crafted requests to the device's Remote Desktop Service (RDS) via the RDP—without requiring any interaction from a user. Describing the BlueKeep vulnerability as being Wormable
Cybersecurity Resources