
RDP server hacking | Breaking Cybersecurity News | The Hacker News

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

Jul 02, 2020
New research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. The reported flaws could potentially let bad actors achieve full control over the Guacamole server and intercept and control all other connected sessions. According to a report published by Check Point Research and shared with The Hacker News, the flaws allow "an attacker, who has already successfully compromised a computer inside the organization, to launch an attack on the Guacamole gateway when an unsuspecting worker tries to connect to an infected machine." After the cybersecurity firm responsibly disclosed its findings to Apache, the maintainers of Guacamole, on March 31, the company released a patched version in June 2020. Apache Guacamole is a popular open-source clientless remote desktop gateway solution. When installed on a company'
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V

Aug 07, 2019
Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer in reverse. (You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP clients, in a previous article written by Swati Khandelwal for The Hacker News.) At the time when researchers responsibly reported this path-traversal issue to Microsoft, in October 2018, the company acknowledged the issue, also known as the "Poisoned RDP vulnerability," but decided not to address it. Now, it turns out that Microsoft silently patched this vulnerability (CVE-2019-0887) just last month as part of its July Patch Tuesday updates after Eyal Itkin, a security researcher at Check Point, found the same issue affecting Microsoft's Hyper-V technology as well. Microsoft
How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

Jul 22, 2024 | vCISO / Business Security
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success", which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples. Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition. This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.
New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

Jun 07, 2019
Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed to escalate gradually by adding every newly cracked system to its network, forcing each one to find new available RDP servers and then brute-force them. To fly under the radar of security tools and malware analysts, the attackers behind this campaign command each infected machine to target millions of servers with a unique set of username and password combinations so that a targeted server receives brute-force attempts from different IP addresses. The campaign, discovered by Renato Marinho at Morphus Labs, works as shown in the illustrated image, and its modus operandi has been explained in the following steps: Step 1 — After successfully brute-forcing an RDP server, the attacker installs a Java-based GoldBrute botnet malware
Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions

Jun 04, 2019
A security researcher today revealed details of a new unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists when the Microsoft Windows Remote Desktop feature requires clients to authenticate with Network Level Authentication (NLA), a feature that Microsoft recently recommended as a workaround against the critical BlueKeep RDP vulnerability. According to Will Dormann, a vulnerability analyst at the CERT/CC, if a network anomaly triggers a temporary RDP disconnect while a client was already connected to the server but the login screen is locked, then "upon reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left." "Starting with W
Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs

Feb 05, 2019
You've always been warned not to share remote access to your computer with any untrusted people for many reasons; it's basic cyber security advice, and common sense, right? But what if I said you should not even trust anyone who invites or offers you full remote access to their computers? Security researchers at cybersecurity firm Check Point have discovered more than two dozen vulnerabilities in both open-source RDP clients and Microsoft's own proprietary client that could allow a malicious RDP server to compromise a client computer in reverse. RDP, or Remote Desktop Protocol, allows users to connect to remote computers. The protocol is usually used by technical users and IT administrators to remotely connect to other devices on the network. RDP was initially developed by Microsoft for its Windows operating system, but there are several open-source clients for the RDP protocol that can be used on Linux as well as Unix systems. Check Point researchers recently
Hacker Puts Airport's Security System Access On Dark Web Sale For Just $10

Jul 11, 2018
If you can't find it on Google, you will definitely find it on the Dark Web. Black markets on the Dark Web are not known just for selling drugs; it is a massive hidden network where you can buy pretty much anything you can imagine, from pornography, weapons, and counterfeit currencies to hacking tools, exploits, malware, and zero-days. One such type of underground marketplace on the Dark Web is the RDP shop, a platform from which anyone can buy RDP (remote desktop protocol) access to thousands of hacked machines for a small fee. While investigating several underground RDP shops, security researchers from McAfee's Advanced Threat Research team discovered that someone is selling remote access linked to security systems at a major international airport for as low as $10. Yes, that's $10, I didn't miss any zeros. Instead of buying RDP credentials, researchers used the Shodan search engine to find the correct IP address of the hacked Windows Server machine, whose ad
Critical Flaws Found in Windows NTLM Security Protocol – Patch Now

Jul 12, 2017
As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability that affects all versions of its Windows operating system for enterprises released since 2007. Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain. NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems. Although NTLM was replaced in Windows 2000 by Kerberos, which adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely. The first vulnerability involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second impacts Remote Desktop Protocol (RDP) Restricted-Admin mode. L
BrutPOS Botnet Compromises insecure RDP Servers at Point-of-Sale Systems

Jul 10, 2014
Cyber criminals are infecting thousands of computers around the world with malware and are utilizing those compromised machines to break into Point-of-Sale (PoS) terminals using brute-force techniques. The attackers have already compromised 60 PoS terminals by brute-force attacks against poorly secured connections to guess remote administration credentials, say researchers from FireEye. The new botnet campaign, dubbed BrutPOS, aims to steal payment card information from PoS systems and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were disgracefully using poorly secured and simple passwords. Because it offers better inventory tracking and record accuracy, the PoS machine is used worldwide, and it can be easily set up, depending on the nature of the business. But PoS systems are critical components in any retail environment and the users are not aware of the emerging