Security News

The number of daily brute-force attacks against Windows remote desktop service has almost doubled during the pandemic lockdown, telemetry data shows.

With the increase of remote workers during the COVID-19 period, many users no longer relied on the infrastructure monitored by the company to access sensitive information on the network.

Thousands of daily attacks

Personal devices became the main instrument for connecting to the work environment via remote desktop services, Windows Remote Desktop Protocol being the most prevalent.

Convenience in this context took precedence and many users set up easy-to-guess passwords without enforcing additional security layers, such as two-factor authentication.

Cybercriminals did not waste this opportunity and increased the number of brute-force attacks targeting RDP services, in an attempt to gain access to the company network, increase privileges to admin level, and deploy their malware.


Microsoft acknowledged a new known issue leading to Local Security Authority Subsystem Service (LSASS) critical system process crashes and forced reboots on some Windows 10 devices.

LSASS is responsible for enforcing security policy on Windows systems, and the system uses it to add entries to the security log as well as to handle user logins, password changes, and access token creation.

When LSASS fails, the user immediately loses access to any accounts available on the machine, an error is displayed, and the machine is forced to restart.


Microsoft today announced the general availability of the Office 365 Safe Documents security feature, which expands the protection provided by Protected View by checking untrusted documents for risks and known threats.

Safe Documents, launched in private preview in February, uses Microsoft Defender Advanced Threat Protection (ATP) to scan documents opened in Protected View and block users from editing them until a verdict is available.

Protected View is a read-only Office mode for opening documents deemed potentially unsafe, in which most editing features are disabled to protect users from threats.

“Although Protected View helps secure documents originating outside the organization, people too often exit the protection sandbox without considering if the document is safe – leaving their organizations vulnerable,” Microsoft said.

“To improve this trust promotion experience for Microsoft 365 Apps, Safe Documents takes away the guesswork by automatically verifying the document against the latest known risks and threat profiles before allowing users to leave the Protected View container.”


The National CSIRT-CY report describes the tactics, techniques and procedures (TTPs) used during the cyberattack that targeted Australian Government and private-sector networks (Source: Australian Cyber Security Centre (ACSC)).

The TTPs are recorded within the framework of tactics and techniques described in the MITRE ATT&CK® framework.


Microsoft released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products.

This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with patch management while taking care not to break anything during this lockdown season.

The 129 bugs in the June 2020 bucket for sysadmins and billions of users include 11 critical vulnerabilities—all leading to remote code execution attacks—and 118 classified as important in severity, mostly leading to privilege escalation and spoofing attacks.
