Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
'Backoff' Malware: Time To Step Up Remote Access Security
Newest First  |  Oldest First  |  Threaded View
JulietB730
50%
50%
JulietB730,
User Rank: Apprentice
10/20/2016 | 2:45:24 AM
Remote access
Security breach during remote access occurs because of easily hackable remote support tools. However, there are tools like on premise R-HUB remote support servers who provide better security as compared to hosted services and cannot be hacked easily as they work from behind the firewall.
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/10/2014 | 10:35:13 AM
Re: Posture assessment is a must
I agree. Hackers are going to find ways to circumvent security, so it would be foolish for someone to contractual agree that if there is a breach they will be fired. But if you look at Target, this is kind of what happens anyway. If the higher ups feel you didn't do enough, or there is a need for the company to publicly save face, that executive is going to get the ax most likely.

BP
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/10/2014 | 9:01:54 AM
Re: Posture assessment is a must
I couldn't agree more!  Executives need to feel the heat and until then nothing will change.

The Target breach got some attention since it was the first time an executive felt the heat but, once is not enough.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:42:02 PM
Re: Posture assessment is a must
That is a smart idea but no Executive tie his/her own salary to the breaches that their company faces. They know they do not have control over security.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:40:15 PM
Re: Way past time, actually
 

I basically agree with bot points, I would think we should not assume any OS is secure. We have been experiencing breaches in all OS available today, some more secure than others but no one is exceptional. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/4/2014 | 2:37:18 PM
Guidelines
Thanks for sharing this article. Quite informative. I was thinking, Department of Homeland Security guideline is something we should be folllowing by default, however, black hats still find a way to compromise remote desktop functionalities. Better approach is always limit the number of remote administrative connections and constantly changing authentication method and monitoring authorization.
macker490
50%
50%
macker490,
User Rank: Ninja
8/3/2014 | 9:13:39 AM
Way past time, actually
1. use a secure o/s,-- one which does not allow itself or its apps to be modified without authentication.

2. insist on authentication for all software installs and updates as well as for transactions and e/mail

the internet evolved from a small, close knit family of technicians into a world-wide phenomenon.   during the evolution we havn't given security the attention we need in order to use this huge network for business purposes.

the tools exist.   all applications don't need to migrate onto more secure platforms. weaker platforms can be isolated behind firewalls and intranets.  
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/1/2014 | 6:29:00 PM
Re: Posture assessment is a must
> IT JUST NEED MORE FUNDING!

How about tying executive pay to lack of security problems? Then you'd get your funding.
theb0x
50%
50%
theb0x,
User Rank: Ninja
8/1/2014 | 4:01:52 PM
Account Lockout fail
The Department of Homeland Security fails to mention that creating an Acount Lockout GPO in Windows does affect the Administrator account.
anon5710889055
50%
50%
anon5710889055,
User Rank: Apprentice
8/1/2014 | 3:15:23 PM
Posture assessment is a must
Relying on a generic remote access method is not gonna cut it.  Your connection must be encrypted, but the problem is when an infected machine connects via a VPN, it's tough to monitor encrypted traffic.  SSL VPN's have a posture assessment tool native that can do things like check the AV is up to date.  Now you need more, make sure anti phising is installed, firewall config is accurate, OS is up to date.  There are tools to increase secure remote access like GEARS and more.  IT JUST NEED MORE FUNDING!

 

-Disgrunted sys admin


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff 8/6/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8720
PUBLISHED: 2020-08-13
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-12300
PUBLISHED: 2020-08-13
Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-12301
PUBLISHED: 2020-08-13
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-7307
PUBLISHED: 2020-08-13
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
CVE-2020-8679
PUBLISHED: 2020-08-13
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.