RDP Clients Vulnerable to Remote Execution Attack
Researchers at Check Point discovered no fewer than 25 vulnerabilities in popular implementations of the Remote Desktop Protocol (RDP). The affected client software includes Microsoft’s Remote Terminal Services Client (mstsc), FreeRDP and rdesktop, which IT staff around the world use to log in to servers remotely. According to the report, 15 of these 25 CVE-listed vulnerabilities could be used for remote code execution, because the RDP client does not check the length of packets received from the RDP server, which leads to out-of-bounds reads and integer overflows. Patches have been released for rdesktop, which is secure as of version 1.8.4, and for FreeRDP, which is secure as of 2.0.0-rc4. Interestingly, despite the findings, Microsoft does not believe these vulnerabilities apply to mstsc, and therefore no patch is available.
Health Sector Remains Top Target for Data Breaches
Over 812 data breaches were reported in 2018, according to a recently released report from the Office of the Australian Information Commissioner (OAIC). Close to two-thirds of these breaches were attributed to malicious or criminal attacks, while 33% involved human error and 3% were related to system faults. The last quarter of 2018 saw a total of 262 breach notifications, a 7% increase from the quarter prior. What stood out in the report is that the health sector remains the leading source of data breaches and that phishing is the most effective attack vector.
Business Email Compromise Actors Exploit Gmail Dot Accounts to Scale Operations
Security researcher Ronnie Tokazowski from Agari reports in a blog post that cybercriminals are exploiting a feature of Google’s Gmail platform called ‘dot-accounts’ to scale scam operations. For those unfamiliar with the concept, one thing that makes Gmail accounts unique is that mail addressed to any dot-variation of a particular Gmail address is delivered to the same mailbox. For example, firstname.lastname@example.org, email@example.com and firstname.lastname@example.org would all be acceptable variations of the e-mail address associated with a single recipient. According to the article, in one case a scammer was able to submit twenty-two separate applications, each under a different identity, and successfully open over $65,000 in fraudulent credit cards at a single financial institution.
While not much can be done about this, the silver lining is that searching for instances of excessive dots in newly created accounts is one way online services can identify potential abuse, where threat actors use variants of Gmail dot accounts for fraudulent or nefarious activity.
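One way an online service could run that check over its newly created accounts is sketched below. This is an added example, not code from Agari or from the original article. The function names, the two thresholds and the sample signups are assumptions made for illustration, and treating googlemail.com as the same mailbox goes slightly beyond the dot case described above.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox (googlemail.com is an alias).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}
DOT_THRESHOLD = 3      # assumed cut-off for "excessive" dots in one local part
VARIANT_THRESHOLD = 2  # assumed: distinct spellings of one mailbox before flagging


def canonical_gmail(address):
    """Return the dot-free canonical Gmail address, or None if not Gmail."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or domain not in GMAIL_DOMAINS:
        return None
    return local.replace(".", "") + "@gmail.com"


def find_dot_variant_clusters(signups):
    """Group (account_id, email) signups by canonical mailbox; return flagged ones."""
    groups = defaultdict(lambda: {"accounts": [], "variants": set()})
    for account_id, email in signups:
        canon = canonical_gmail(email)
        if canon is None:
            continue  # dots are significant at other providers; leave them alone
        groups[canon]["accounts"].append(account_id)
        groups[canon]["variants"].add(email.strip().lower())

    flagged = {}
    for canon, g in groups.items():
        reasons = []
        if len(g["variants"]) >= VARIANT_THRESHOLD:
            reasons.append("multiple dot variants of one mailbox")
        if any(v.split("@")[0].count(".") >= DOT_THRESHOLD for v in g["variants"]):
            reasons.append("excessive dots in local part")
        if reasons:
            flagged[canon] = {"accounts": g["accounts"],
                              "variants": sorted(g["variants"]), "reasons": reasons}
    return flagged


# Constructed sample signups (account id, e-mail), for illustration only.
SAMPLE_SIGNUPS = [
    (101, "janedoe@gmail.com"), (102, "jane.doe@gmail.com"),
    (103, "j.a.n.e.doe@googlemail.com"), (104, "jane.doe@example.org"),
    (105, "bob.smith@gmail.com"),
]

if __name__ == "__main__":
    for canon, info in find_dot_variant_clusters(SAMPLE_SIGNUPS).items():
        print(canon, info)
```

A flagged cluster is a lead for manual review, not proof of fraud, since legitimate users also sign up with dotted Gmail addresses.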
Contact Us today to find out how Thomas Duryea Logicalis can support you with your organisation's security concerns and posture.