Get Permission
Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify various distributed denial-of-service attacks, according to a report from application and network performance firm Netscout.
Netscout researchers have identified about 33,000 vulnerable Microsoft RDP servers that could be abused by threat actors to boost their DDoS attacks. RDP is a proprietary Microsoft communications protocol that system administrators and employees use to remotely connect to corporate systems and services.
Microsoft RDP can be configured by Windows systems administrators to run on TCP port 3389 or UDP port 3389, according to the report.
The researchers found that when the Microsoft RDP service is configured to UDP port 3389, attacks could amplify network packets from vulnerable ports and redirect that traffic to targeted IP addresses, increasing the size of a DDoS attack at little cost, according to the report.
InfoRiskToday
May 5, 2021
Compliance
euroinfosec) • January 15, 2021
Capitol riot suspect Aaron Mostofsky (Source: New York Post, as cited in criminal complaint)
Many of the insurrectionists who marched on the Capitol on Jan. 6 and violently forced their way into the building livestreamed their activities or boasted about them via social media. So far, those self-identifying actions have helped law enforcement authorities identify some of the more than than 70 individuals charged.
The riot, which occurred as lawmakers were beginning to certify President-elect Joe Biden s Electoral College victory, led to the death of five individuals, including one Capitol police officer who authorities say was hit with a fire extinguisher. Dozens more individuals were injured, and lawmakers and their staff hid around the building to avoid the intruders, some of whom were carrying firearms and zip ties.
BankInfoSecurity
May 5, 2021
DougOlenick) • January 14, 2021 Get Permission
The Conti news website where the ransomware gang posts exfiltrated data in an attempt to extort victims to pay a ransom (Source: Cybereason)
Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason’s Nocturnus Team, which offers an in-depth analysis of how the malware works.
The malware is known for how fast it’s being updated, its ability to quickly encrypt a system and its auto-spreading functionality, according to the report.
Cybereason researcher Lior Rochberger says the actors behind Conti have released three versions of the malware since it burst onto the scene in May 2020, improving its effectiveness with each new variant.
GovInfoSecurity
Compliance
gsuparna) • January 11, 2021
Adam Turteltaub, chief engagement and strategy officer at the Society of Corporate Compliance and Ethics Adam Turteltaub, chief engagement and strategy officer at the Society of Corporate Compliance and Ethics, says compliance teams should create a dashboard of data that will help keep track of actions taken by staff members who are working remotely. “Data analytics and dashboards help compliance teams to look at data and understand if the current compliance program is actually working for them,” he says. If your data is in different places, it is very hard to convince regulators that you truly have a thorough compliance program.”
Although two earlier executive orders from President Donald Trump banning the use of the Chinese-made apps TikTok and WeChat are still hung up in the courts, the president has issued a new executive order banning eight other Chinese apps, citing threats they pose to national security, economy and foreign policy.
The new executive order, however, will not take effect until February, which will likely allow President-elect Joe Biden to decide how - or if - it is enforced.
Trump s order announced Tuesday bans the apps Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay and WPS Office. The administration claims these applications collect user data that the Chinese government could then access this information to spy on American citizens.