BlueKeep Remote Code Execution Bug in RDP Exploited En Masse

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/bluekeep-remote-code-execution-bug-in-rdp-exploited-en-masse/

The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. The attempts have been recorded by honeypots that expose only port 3389, specific for remote assistance connections via the Remote Desktop Protocol (RDP).

 

[upnorth]

Resources

WithSecure™ business cyber security resources for solutions and software, information on data breaches, managed cyber security services for businesses, & more.

www.f-secure.com

 

[LASER_oneXM]

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure.

www.bleepingcomputer.com

 

[LASER_oneXM]

Australian Govt Warns of Active Emotet and BlueKeep Threats

The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) together with state and territory partners warns businesses and people of Emotet and BlueKeep threats being active in the wild.

www.bleepingcomputer.com

 

[silversurfer]

BlueKeep Attacks Crash Systems Due to Meltdown Patch

The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to the Meltdown patch being installed.

www.securityweek.com