Remote Desktop Protocol

BullWall Server Intrusion Protection Brings MFA Behind the Firewall To Protect Servers and Thwart Breach Attempts

Retrieved on: Thursday, September 7, 2023

BullWall, the global leader in ransomware protection for critical infrastructure, today introduced BullWall Server Intrusion Protection to protect servers from unauthorized access resulting from the use of compromised credentials during Remote Desktop Protocol (RDP) sessions.

Key Points: 
  • BullWall Server Intrusion Protection prevents RDP session hijacking and impedes breach progression to prevent the deployment of ransomware.
  • BullWall Server Intrusion Protection provides a game-changing MFA solution for server access that doesn’t require a second device.
  • BullWall Server Intrusion Protection blocks every step of such attacks, and demonstrates the highest levels of compliance and reporting.

Cybersecurity Experts from GoSecure Will Reveal Unprecedented Insights into RDP Attacks with Innovative Honeynet

Retrieved on: Wednesday, August 2, 2023

This comprehensive presentation unveils never-before-seen insights into Remote Desktop Protocol (RDP) attacks, empowering the cybersecurity community to combat modern threats effectively.

Key Points: 
  • “Yet again, our extremely talented researchers are recognized at the highest level for being at the forefront of detecting cutting-edge cyber threats,” said Neal Creighton, GoSecure CEO.
  • The observations of the data set allow our team to identify five profiles of behavior described in this presentation.
  • If attackers are scared enough, they will have to change their strategies, and this will influence their attacks’ cost-benefit.

New Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers

Retrieved on: Tuesday, August 1, 2023

In this report, titled Cloudzy with a Chance of Ransomware: Unmasking Command-and-Control Providers (C2Ps), Halcyon demonstrates a unique technique for identifying C2P entities that can be used to forecast the precursors to major ransomware campaigns and other advanced attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates Halcyon tracks as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively.

Key Points: 
  • “This report is only a slice of a very large pie,” said Jon Miller, CEO & Co-founder, Halcyon.
  • Halcyon identifies that Cloudzy – which accepts cryptocurrencies in exchange for anonymous use of its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services – appears to be the common service provider supporting ransomware attacks and other cybercriminal endeavors.
  • Halcyon identified two previously unknown ransomware affiliates dubbed Ghost Clown and Space Kook currently deploying BlackBasta and Royal ransomware strains, respectively.

Palo Alto Networks Xpanse Active Attack Surface Management Automatically Remediates Cyber Risks Before They Lead to Cyberattacks

Retrieved on: Monday, December 12, 2022

SANTA CLARA, Calif., Dec. 12, 2022 /PRNewswire/ -- Cyberattackers today use highly automated methods to quickly find and exploit weaknesses in target organizations — sometimes within minutes of a new vulnerability being disclosed. Most security teams try to find these weaknesses, but because they are doing this with manual tools they quickly fall behind. Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, introduced a new Cortex® capability: Xpanse Active Attack Surface Management, or Xpanse Active ASM. This helps security teams not just actively find but also proactively fix their known and unknown internet-connected risks. Xpanse Active ASM equips organizations with automation to give them the edge over attackers.

Key Points: 
  • Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, introduced a new Cortex capability: Xpanse Active Attack Surface Management, or Xpanse Active ASM.
  • "Organizations need an active defense system that operates faster than attackers can," said Matt Kraning, chief technology officer of Cortex for Palo Alto Networks.
  • Palo Alto Networks recently announced a multiyear deal for Cortex Xpanse to equip the Department of Defense with Internet Operations Management capabilities.

Kasm Workspaces Adds Microsoft Windows Desktop Support to DaaS, VDI & App Streaming Solution

Retrieved on: Friday, December 2, 2022

MCLEAN, Va., Dec. 2, 2022 /PRNewswire/ -- Kasm Technologies, an industry leader in streaming cloud workloads to the web browser, today announced Microsoft Windows Desktop Support in Kasm Workspaces v1.12.

Key Points: 
  • Kasm Workspaces supports Workspace creation, session handling and rendering for servers over the Remote Desktop Protocol (RDP) or KasmVNC protocols, including support for Microsoft Windows.
  • Kasm Windows Service: An optional companion Windows service that provides the ability to upload/download files to the desktop when enabled by group settings.
  • Windows Workstation and Server Support: Windows is supported across the product line, with compatibility across Windows 10, Windows 11, and Server 2019.

Stolen Credentials Selling on the Dark Web for Price of a Gallon of Gas

Retrieved on: Thursday, July 21, 2022

Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers.

Key Points: 
  • Zero Days (vulnerabilities that are not yet publicly known) are retailing at 10s of thousands of dollars on dark web markets.
  • Now the technology and training is available for the price of a gallon of gas.
  • The firm collected dark web marketplace listings using their automated crawlers that monitor content on the Tor network.

Attacker Dwell Time Increased by 36%, Sophos’ Active Adversary Playbook 2022 Reveals

Retrieved on: Tuesday, June 7, 2022

OXFORD, United Kingdom, June 07, 2022 (GLOBE NEWSWIRE) -- Sophos, a global leader in next-generation cybersecurity, today released the “Active Adversary Playbook 2022,” detailing attacker behaviors that Sophos’ Rapid Response team saw in the wild in 2021. The findings show a 36% increase in dwell time, with a median intruder dwell time of 15 days in 2021 versus 11 days in 2020. The report also reveals the impact of ProxyShell vulnerabilities in Microsoft Exchange, which Sophos believes some Initial Access Brokers (IABs) leveraged to breach networks and then sell that access to other attackers.

Key Points: 
  • Sophos research also shows that intruder dwell time was longer in smaller organizations' environments.
  • Attackers consider larger organizations to be more valuable, so they are more motivated to get in, get what they want and get out.
  • Smaller organizations have less perceived value, so attackers can afford to lurk around the network in the background for a longer period.
  • To learn more about attacker behaviors, tools and techniques, read the Sophos Active Adversary Playbook 2022 on Sophos News.

Zscaler Unveils Industry-First Security Service Edge Innovations to Protect Enterprises from the Most Sophisticated Cyber Attacks

Retrieved on: Tuesday, March 22, 2022

Zscaler's new capabilities expand user expectations of SSE and provide a new standard for managing Secure Access Service Edge (SASE) architecture.

Key Points: 
  • The new Zscaler ZPA capabilities address key requirements for enterprises that are taking the important step to modernize their security architecture.
  • Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange is the world's largest in-line cloud security platform.

Sophos Discovers New Memento Ransomware

Retrieved on: Thursday, November 18, 2021

OXFORD, United Kingdom, Nov. 18, 2021 (GLOBE NEWSWIRE) -- Sophos, a global leader in next-generation cybersecurity, has released details of a new Python ransomware called Memento.

Key Points: 
  • The research, New Ransomware Actor Uses Password Protected Archives to Bypass Encryption Protection, describes the attack, which locks files in a password-protected archive if the Memento ransomware can't encrypt the targeted data.
  • “Human-led ransomware attacks in the real world are rarely clear cut and linear,” said Sean Gallagher, senior threat researcher at Sophos.
  • Integrated endpoint detection and response, including Sophos Extended Detection and Response (XDR), can help capture nefarious activities, such as when attackers create password-protected archives like those used in the Memento ransomware attack.

Remote Desktop by IDrive Protects Organizations from RDP Cyber Attacks and Vulnerabilities

Retrieved on: Friday, October 8, 2021

Serious risk factors that have led to the rise in RDP attacks are unrestricted access to RDP ports, and weak passwords which organizations rarely manage, leaving themselves vulnerable to password reuse DDOS attacks.

Key Points: 
  • By implementing the following security measures, Remote Desktop is able to assist organizations in protecting RDP:
    Closed RDP Ports - most RDP connections listen on Port 3389, enabling attackers to accurately guess this number and reach computers with misconfigured firewall rules.
  • Remote Desktop does not require the user to expose the RDP Ports to the public and change any firewall rules / ACLs to enable remote desktop access.
  • Remote Desktop provides a secure remote access solution that does not require users to configure a VPN, Microsoft RD Gateway, public servers/IP, or firewall changes.