Hacks

Hackers abuse legitimate RDP service to use fileless attack techniques for dropping multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners. The Remote Desktop is the built-in feature with most of the Windows installation and it has built-in file-sharing functionality that is used by the attackers as an infection vector. Abusing Remote Desktop Server Feature The infection starts by abusing the feature of the Windows Remote Desktop Server in which the  RDP  client shares the virtual network file share location named “ tsclient ” of the connected computer. Attackers use these paths to create multiple-letter directory names. PC Drives According to Bitdefender researchers  report , the attackers placed a malicious component of the attack named  worker.exe  located on the network share on the “tsclient” network location and it can be executed using explorer.exe or ...

Wireshark 3.0.7 released with a number of security updates and fixed several other bugs that reside in the Wireshark components. Wireshark also updated Protocol Support for various protocols such as BGP, HomePlug AV, IEEE 802.11, and  TLS . Wireshark 3.0.7  fixed the vulnerability {CVE-2019-19553)) that resides in the  CMS dissector  that affected the Wireshark version 3.0.0 to 3.0.6, 2.6.0 to 2.6.12. “It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.” Other Fixed Bugs in Wireshark 3.0.7 ws_pipe_wait_for_pipe() can wait on closed handles.  Bug 15696 . Support for 11ax in PEEKREMOTE.  Bug 15740 . The temporary file …​ could not be opened: Invalid argument.  Bug 15751 . Reassembling of the two TLS records is not working correctly.  Bug 16109 . Display Filter Area: Dropdown Missing pkt_comment and tcp.options.sack_perm (like...