Connect with us

Cyber Security

Microsoft warns Computer Users of BlueKeep Worm

Published

on

Microsoft revealed a major Windows security vulnerability earlier this month, that could see a widespread “wormable” attack that spreads from one vulnerable computer to the next. We saw a similar flaw back in 2017 which led to the WannaCry malware causing mayhem for thousands of machines.

While Microsoft has released patches for Windows systems, warns Simon Pope, director of incident response at Microsoft’s Security Response Center (MSRC). “It’s been only two weeks since the fix was released and there has been no sign of a worm yet.

Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn’t yet been publicly disclosed, but that doesn’t mean there won’t be malware. “It is possible that we won’t see this vulnerability incorporated into malware,” says Pope. “But that’s not the way to bet.”

This new major Windows security exploit involves a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These operating systems still make up a big chunk of the overall Windows machines in use, especially in corporate environments. Microsoft is now strongly advising system admins to update machines as soon as possible.

Source: TheVerge

Your I.T Guy. Tech Enthusiast. Web Analyst. DJ. Internet Evangelist. Content Creator. @techbysparks | @smashbysparks On A Mission Impossible By Others

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Cyber Security

Authorities Take Down World’s Largest Illegal Dark Web Marketplace

Published

on

Europol on Tuesday said it shut down DarkMarket, the world’s largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.’s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI).

At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, with over 320,000 transactions resulting in the transfer of more than 4,650 bitcoin and 12,800 monero — a sum total of €140 million ($170 million).

The illegal internet market specialized in the sales of drugs, counterfeit money, stolen or forged credit card information, anonymous SIM cards, and off-the-shelf malware.

In addition, the months-long intelligence operation also resulted in the arrest of a 34-year-old Australian national near the German-Danish border over the weekend, who is alleged to be the mastermind behind DarkMarket.

Continue Reading

Cyber Security

Microsoft Issues Patches for Defender Zero-Day

Published

on

Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, the latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure.

For organizations that are configured for automatic updating, no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.

Continue Reading

Cyber Security

Zoom End-to-End Encryption Update

Published

on

Zoom, the world’s most popular video conferencing platform announced it will roll out an end to end encryption feature (E2EE) to all users (Free/Basic). This is coming after there has been an outrage over poor security on its cloud-based video conferencing platform.

It’s not clear when the feature will launch for all users, but the beta is arriving in July and Zoom intends to have some level of permissions so account administrators can disable or enable it at the account or group level.

To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message.

Other applications including Signal, Skype, and WhatsApp already offer E2EE in their messages and calls.

Zoom CEO Eric Yuan explains in its blog post, announcing its decision to bring E2EE to paid users only in early June. He explained that they want to be able to help law enforcement in investigations and that people who use Zoom to disrupt online meetings and to engage in criminal acts and facilitate horrible abuse generally use free (quasi-anonymous) accounts, also noting we are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.

Continue Reading

Trending