The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert for ransomware attacks that have compromised 49 entities in five critical infrastructure sectors, such as financial, government, healthcare, manufacturing, and information technology.
Security researchers have discovered a new version of the Sarwent malware that adds new command functionality, such as executing PowerShell commands, and shows a preference for using RDP.
Microsoft issued the January 2020 Security Updates, which include 49 unique vulnerability fixes, 8 of those rated critical and 29 rated important. One of the patches addresses a CryptoAPI spoofing vulnerability, CVE-2020-0601. DHS CISA also issued an emergency directive with recommendations to patch Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client.
A new botnet dubbed “GoldBrute” targets 1.5 million publicly exposed RDP servers on the internet via brute-force attacks.
Security experts have been warning that bad actors will soon develop exploits for the BlueKeep vulnerability that was patched by Microsoft earlier this month. Exploits in the wild are likely closer than ever after one security company spotted a huge uptick in scanning for BlueKeep over the weekend.
The Department of Homeland Security and the Federal Bureau of Investigation issued a security alert warning that bad actors are using SamSam ransomware to target industries across the United States and worldwide.
Microsoft issued new security guidance on the Credential Security Support Provider protocol (CredSSP) vulnerability (CVE-2018-0886) that could allow remote code execution. As part of the updates, Microsoft plans to soon prevent unpatched RDP clients (that use CredSSP) from authenticating to Windows.