A new scanning tool is now available for checking if your computer is vulnerable to the BlueKeep security issue in Windows Remote Desktop Services.

Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet.

Unpatched systems still at risk

BlueKeep (CVE-2019-0708) is a vulnerability that leads to remote code execution and could be leveraged to spread malware across connected systems without any interaction from the user.

It affects Windows 7, Windows Server 2008 R2, and Windows Server 2008 and is serious enough to warrant repeated warnings from Microsoft about the severity of the flaw and the strong recommendation to apply the patch.

The security community cautioned users and companies early on that leaving the issue unattended could have brutal consequences. So did the U.S. Government after exploiting the bug and achieving remote code execution.

After exploit modules started cropping up and enough information became public, cybercriminals started to exploit BlueKeep in the wild. The payload exploited vulnerable systems en masse for cryptocurrency mining, but it was not a worm that could have brought the attack to WannaCry’s level of destruction.

The danger is not over, though. There are plenty of vulnerable systems exposed on the web and cybercriminals are not likely to spare them.

Read more »

A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow malicious programs to appear as a trusted program and thus bypass antivirus engines.

DLLs, or dynamic-link libraries, are Microsoft Windows files that other programs load in order to execute various functions contained in the DLL library.

When DLL files are loaded, executables will either specify the full path to the DLL file or just specify the name.

If a full path is used, such as c:\example\example.dll, the DLL will only be loaded from the specified location. On the other hand, if just the DLL name is given, such as example.dll, the loader will first try to load it from the folder the executable resides in, and if it can’t be found there, it will search other folders for the DLL and load it from there.

When a DLL is missing from the executable folder, attackers can use this search behavior to perform a DLL hijacking that causes the executable to load a malicious DLL instead.
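The search behavior described above can be audited from the defender's side: given the DLL names an executable imports, walk the loader's search locations in order and report where each name would actually resolve from. The script below is an added example, not code from the original article or from Intel; it assumes the documented default Windows search order with SafeDllSearchMode enabled (application directory, System32, Windows directory, current directory, then PATH), simplified by ignoring KnownDLLs, already-loaded modules and the 16-bit system directory, and it builds a constructed directory layout under a temp directory so it runs on any OS.

```python
import tempfile
from pathlib import Path

# Assumption: default Windows DLL search order with SafeDllSearchMode on,
# simplified (KnownDLLs, loaded modules and the 16-bit system dir omitted).
def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    return [
        ("application directory", app_dir),
        ("System32", system_dir),
        ("Windows directory", windows_dir),
        ("current working directory", cwd),
    ] + [("PATH entry", p) for p in path_dirs]


def resolve_dll(name, order):
    """Return (location label, directory) where a bare DLL name would be
    found when walking the search order, or None if the load would fail."""
    for label, directory in order:
        if Path(directory, name).is_file():
            return (label, str(directory))
    return None


def audit_imports(imports, order,
                  trusted=("application directory", "System32", "Windows directory")):
    """Map each imported DLL name to where it resolves from. Names that
    resolve outside the trusted locations are hijack candidates; names that
    resolve nowhere are planting candidates (an attacker-controlled copy
    placed in any earlier search location would win)."""
    findings = {}
    for name in imports:
        hit = resolve_dll(name, order)
        if hit is None:
            findings[name] = ("MISSING", None)
        elif hit[0] in trusted:
            findings[name] = ("ok", hit[0])
        else:
            findings[name] = ("HIJACKABLE", hit[0])
    return findings


def build_demo_layout():
    """Constructed sample layout (hypothetical names): the app ships one
    DLL, a second lives only in System32, a third exists only in a
    user-writable PATH directory, and a fourth is absent everywhere."""
    root = Path(tempfile.mkdtemp(prefix="dllaudit_"))
    app, sys32, windir, cwd, userbin = (
        root / d for d in ("app", "System32", "Windows", "cwd", "userbin"))
    for d in (app, sys32, windir, cwd, userbin):
        d.mkdir()
    (app / "vendor.dll").touch()
    (sys32 / "kernel32.dll").touch()
    (userbin / "helper.dll").touch()   # writable PATH entry: hijack point
    imports = ["vendor.dll", "kernel32.dll", "helper.dll", "optional.dll"]
    return imports, search_order(app, sys32, windir, cwd, [userbin])


if __name__ == "__main__":
    imports, order = build_demo_layout()
    for name, (verdict, where) in audit_imports(imports, order).items():
        print(f"{name:14} {verdict:11} {where or '-'}")
```

On a real system the import list would come from the executable's import table and the order from the actual System32, Windows and PATH directories; any result marked HIJACKABLE or MISSING is where an application should either supply the DLL itself, load it by full path, or restrict the search with the loader's safe-search settings.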

Read more »

Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions.

Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password.

What’s more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild within 2 days of its discovery in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access.

Read more »

As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information.

Read more »

A team of cybersecurity researchers demonstrated yet another novel technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised.

Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits.

Bit flipping is a phenomenon widely known from the Rowhammer attack, wherein attackers hijack vulnerable memory cells by changing their value from 1 to 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells.

However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory.

Plundervolt more closely resembles speculative execution attacks like Foreshadow and Spectre, but while Foreshadow and Spectre attack the confidentiality of SGX enclave memory by allowing attackers to read data from the secured enclave, Plundervolt attacks the integrity of SGX to achieve the same.

Read more »