
RDP Gates Remain Open, Spying as a Service, and G-Suite Cleartext Passwords


This week’s security snacks:

  • Windows Vulnerabilities? RDP Open? Ignorance Is Bliss
  • I Spy With My Little HawkEye
  • G-Suite Fail: Clear Text Password Storage

Happy munching!  

Windows Vulnerabilities? RDP Open? Ignorance Is Bliss

Bite

Microsoft announced CVE-2019-0708, known as BlueKeep, back on May 14th. This is a security vulnerability which requires NO user authentication, yet many still haven’t patched.

Snack

It has now been two weeks since Microsoft announced a major security issue impacting their older operating systems. You know, the ones that are still in production for a lot of companies.

This security issue is very concerning for several reasons. The biggest is that a hacker merely needs to be able to communicate with the machine over RDP (port 3389) in order to invoke a remote code execution attack. The trouble, of course, is that for many small to medium organizations, enabling RDP seemed like a great way to allow their systems admins to connect to systems for management purposes.

So, it might come to you as something of a shock that security firms currently estimate that upwards of 1 million devices connected to the Internet are susceptible to this issue. Given that malicious variants of this code are being developed at present, the message on the street is…patch your systems now! Otherwise, opportunity might just come knocking.

Meal

For more info on this and how it impacts you visit: https://www.theregister.co.uk/2019/05/28/windows_rdp_attack_scan/.

I Spy With My Little HawkEye

Bite

Spying as a service has been the key value of the HawkEye application for a number of years, and now version 9 aims to offer more functionality.

Snack

Tracing its early roots back as far as 2013, HawkEye, a malicious key logging application, has been trading on the dark web. For those who simply must know what keys are pressed and when, this has offered a means. Attackers can target companies to extract banking details, company secrets and more for financial exploitation purposes.

The latest revision of the tool adds some powerful new features to its arsenal, including the ability to phone a friend (aka download additional malware).

The current trend for distribution of this tool is multifaceted: targeted emails, utilizing social engineering, a dash of executable code in the form of a malformed LNK file, and some PowerShell-based script automation to magically invoke the processes.

The advice is to firm up on your security, educate end-users, and do things right from a security perspective with multifactor authentication.

Meal

Visit SC Magazine’s site for more information: https://www.scmagazineuk.com/malspam-hit-businesses-hawkeye-keylogger/article/1585799.

G-Suite Fail: Clear Text Password Storage

Bite

Google’s G-Suite has become the latest in a long line of services where companies could and should have done better with storing passwords securely.

Snack

In Google’s blog on May 21st, the company disclosed a problem with the hashing mechanism, a process whereby the original password is obfuscated. This resulted in passwords being stored in plain text, albeit that the files themselves are stored on encrypted disks.

The company advises that there has been no misuse of passwords and that it will continue to monitor the situation. Admins impacted by this issue have also been informed to change their password.

Meal

Visit the Hacker News site for more information:
https://thehackernews.com/2019/05/google-gsuite-plaintext-password.html.

Maurice Daly and Paul Winstanley
Microsoft MVPs
