Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
'Backoff' Malware: Time To Step Up Remote Access Security
Newest First  |  Oldest First  |  Threaded View
JulietB730
JulietB730,
User Rank: Apprentice
10/20/2016 | 2:45:24 AM
Remote access
Security breach during remote access occurs because of easily hackable remote support tools. However, there are tools like on premise R-HUB remote support servers who provide better security as compared to hosted services and cannot be hacked easily as they work from behind the firewall.
Bprince
Bprince,
User Rank: Ninja
8/10/2014 | 10:35:13 AM
Re: Posture assessment is a must
I agree. Hackers are going to find ways to circumvent security, so it would be foolish for someone to contractual agree that if there is a breach they will be fired. But if you look at Target, this is kind of what happens anyway. If the higher ups feel you didn't do enough, or there is a need for the company to publicly save face, that executive is going to get the ax most likely.

BP
Robert McDougal
Robert McDougal,
User Rank: Ninja
8/10/2014 | 9:01:54 AM
Re: Posture assessment is a must
I couldn't agree more!  Executives need to feel the heat and until then nothing will change.

The Target breach got some attention since it was the first time an executive felt the heat but, once is not enough.
Dr.T
Dr.T,
User Rank: Ninja
8/4/2014 | 2:42:02 PM
Re: Posture assessment is a must
That is a smart idea but no Executive tie his/her own salary to the breaches that their company faces. They know they do not have control over security.
Dr.T
Dr.T,
User Rank: Ninja
8/4/2014 | 2:40:15 PM
Re: Way past time, actually
 

I basically agree with bot points, I would think we should not assume any OS is secure. We have been experiencing breaches in all OS available today, some more secure than others but no one is exceptional. 
Dr.T
Dr.T,
User Rank: Ninja
8/4/2014 | 2:37:18 PM
Guidelines
Thanks for sharing this article. Quite informative. I was thinking, Department of Homeland Security guideline is something we should be folllowing by default, however, black hats still find a way to compromise remote desktop functionalities. Better approach is always limit the number of remote administrative connections and constantly changing authentication method and monitoring authorization.
macker490
macker490,
User Rank: Ninja
8/3/2014 | 9:13:39 AM
Way past time, actually
1. use a secure o/s,-- one which does not allow itself or its apps to be modified without authentication.

2. insist on authentication for all software installs and updates as well as for transactions and e/mail

the internet evolved from a small, close knit family of technicians into a world-wide phenomenon.   during the evolution we havn't given security the attention we need in order to use this huge network for business purposes.

the tools exist.   all applications don't need to migrate onto more secure platforms. weaker platforms can be isolated behind firewalls and intranets.  
Thomas Claburn
Thomas Claburn,
User Rank: Ninja
8/1/2014 | 6:29:00 PM
Re: Posture assessment is a must
> IT JUST NEED MORE FUNDING!

How about tying executive pay to lack of security problems? Then you'd get your funding.
theb0x
theb0x,
User Rank: Ninja
8/1/2014 | 4:01:52 PM
Account Lockout fail
The Department of Homeland Security fails to mention that creating an Acount Lockout GPO in Windows does affect the Administrator account.
anon5710889055
anon5710889055,
User Rank: Apprentice
8/1/2014 | 3:15:23 PM
Posture assessment is a must
Relying on a generic remote access method is not gonna cut it.  Your connection must be encrypted, but the problem is when an infected machine connects via a VPN, it's tough to monitor encrypted traffic.  SSL VPN's have a posture assessment tool native that can do things like check the AV is up to date.  Now you need more, make sure anti phising is installed, firewall config is accurate, OS is up to date.  There are tools to increase secure remote access like GEARS and more.  IT JUST NEED MORE FUNDING!

 

-Disgrunted sys admin


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38193
PUBLISHED: 2022-08-16
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser.
CVE-2022-38194
PUBLISHED: 2022-08-16
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
CVE-2022-38192
PUBLISHED: 2022-08-16
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userâ€â&b...
CVE-2022-38362
PUBLISHED: 2022-08-16
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
CVE-2022-30264
PUBLISHED: 2022-08-16
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the fl...