Skip to main content

Posts

Showing posts from December 26, 2019

Hackers Abuse RDP Service to Exfiltrate Data and Drop Different Malicious Payloads

Hackers abuse legitimate RDP service to use fileless attack techniques for dropping multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners. The Remote Desktop is the built-in feature with most of the Windows installation and it has built-in file-sharing functionality that is used by the attackers as an infection vector. Abusing Remote Desktop Server Feature The infection starts by abusing the feature of the Windows Remote Desktop Server in which the  RDP  client shares the virtual network file share location named “ tsclient ” of the connected computer. Attackers use these paths to create multiple-letter directory names. PC Drives According to Bitdefender researchers  report , the attackers placed a malicious component of the attack named  worker.exe  located on the network share on the “tsclient” network location and it can be executed using explorer.exe or ...

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

As  promised by Apple  in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its  launch  three years ago,  Apple's bug bounty program  was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple,  announced  the company's upcoming  extended bug bounty program  which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, opening the program for all researchers. Now starting from tod...