Windows TCO, Kernel, and PCLinuxOS (2024-04-04)
Windows TCO
Cybercriminals Abused Remote Desktop Protocol (RDP) in 90% of Attacks Handled by Sophos Incident Response in 2023
This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020.
In addition, external remote services such as RDP were the most common vector by which attackers initially breached networks; they were the method of initial access in 65% of IR cases in 2023. External remote services have consistently been the most frequent source of initial access for cybercriminals since the Active Adversary reports were launched in 2020, and defenders should consider this a clear sign to prioritize the management of these services when assessing risk to the enterprise.
“External remote services are a necessary, but risky, requirement for many businesses. Attackers understand the risks these services pose and actively seek to subvert them due to the bounty that lies beyond. Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. It doesn’t take long for an attacker to find and breach an exposed RDP server, and without additional controls, neither does finding the Active Directory server that awaits on the other side,” said John Shier, field CTO, Sophos.
City of Hope updates a breach disclosure, reports 827,149 patients affected in ransomware attack last year
In December, DataBreaches learned from a reliable source that the attack was the work of AlphV, aka BlackCat. However, the information was provided off the record, so DataBreaches could not report it then. Shortly thereafter, law enforcement seized AlphV’s leak site and infrastructure. The COH listing had not appeared on the leak site before the site was seized, so this is the first time the attack has been publicly linked to AlphV.
Kernel Space
LWN ☛ Hardening the kernel against heap-spraying attacks
While a programming error in the kernel may be subject to direct exploitation, usually a more roundabout approach is required to take advantage of a security bug. One popular approach for those wishing to take advantage of vulnerabilities is heap spraying, and it has often been employed to compromise the kernel. In the future, though, heap-spraying attacks may be a bit harder to pull off, thanks to the "dedicated bucket allocator" proposed by Kees Cook.
Consider, for example, a use-after-free bug of the type that is, unfortunately, common in programs written in languages like C. Memory that is freed can be allocated to another user and overwritten; at that point, the code that freed the memory prematurely is likely to find an unpleasant surprise. The surprise will become even less endearing, though, if an attacker is able to control the data that is written into the freed memory. Often, that is all that is needed to turn a use-after-free bug into a full kernel compromise.
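To make the mitigation concrete, here is an added userspace model (not code from LWN or from Kees Cook's patch set) of why a freed slot can be reclaimed by an unrelated caller and how keeping call sites in separate buckets stops that. The slab-like cache, the bucket ids and the 'V'/'S' fill bytes are all constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

#define NBUCKETS 2
#define SLOTS_PER_BUCKET 4
#define SLOT_SIZE 32

/* Constructed model of a size-class cache: fixed slots plus a LIFO free list,
 * the property that makes a just-freed slot the next one handed out. */
struct cache {
    unsigned char slots[SLOTS_PER_BUCKET][SLOT_SIZE];
    int freelist[SLOTS_PER_BUCKET];
    int nfree;
};

static struct cache caches[NBUCKETS];

static void cache_init(struct cache *c) {
    c->nfree = SLOTS_PER_BUCKET;
    for (int i = 0; i < SLOTS_PER_BUCKET; i++) c->freelist[i] = i;
}

static void *cache_alloc(struct cache *c) {
    return c->nfree ? c->slots[c->freelist[--c->nfree]] : NULL;
}

static void cache_free(struct cache *c, void *p) {
    int idx = (int)(((unsigned char *)p - &c->slots[0][0]) / SLOT_SIZE);
    c->freelist[c->nfree++] = idx;   /* pushed on top: reused by the next alloc */
}

/* Returns 1 if bytes written by a *different* call site become visible through
 * the dangling pointer, i.e. the prematurely freed slot was handed out again.
 * dedicated=0: both sites share one cache (classic per-size slab).
 * dedicated=1: each site has its own bucket, as the proposal intends. */
static int uaf_slot_reclaimed(int dedicated) {
    for (int i = 0; i < NBUCKETS; i++) cache_init(&caches[i]);
    struct cache *victim_site = &caches[0];
    struct cache *other_site  = dedicated ? &caches[1] : &caches[0];

    unsigned char *obj = cache_alloc(victim_site);
    memset(obj, 'V', SLOT_SIZE);
    cache_free(victim_site, obj);            /* premature free; obj now dangles */

    unsigned char *other = cache_alloc(other_site);
    memset(other, 'S', SLOT_SIZE);           /* unrelated caller fills its object */

    return obj[0] == 'S';                    /* 1 only if the same slot came back */
}
```

Only the shared-cache run reports reclamation; with dedicated buckets the dangling pointer still sees the stale 'V' bytes.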
PCLinuxOS
PCLinuxOS Magazine ☛ PCLinuxOS Screenshot Showcase
PCLinuxOS Magazine ☛ From The Chief Editor's Desk...
Since I worked for 35 years in health care, I have been acutely aware of these effects of daylight savings time, and the studies that supported those effects. I spent many years (about 1/3 of my work time) working the night shift, where the bi-annual time dance really didn't have much effect. But, the other 2/3 of the time I was working, it was on the day shift, where daylight savings time has a real effect. Yes, just as the studies showed, we were much busier at the hospital in the days right after the “spring forward” nonsense, seeing patients suffering negative health effects that could easily be traced back to the time change.
