Posted on 11/03/2019 7:47:14 AM PST by DUMBGRUNT
Hackers are using BlueKeep to break into Windows systems and install a cryptocurrency miner.
Security researchers have spotted the first mass-hacking campaign using the BlueKeep exploit; however, the exploit is not being used as a self-spreading worm, as Microsoft was afraid it would happen last May when it issued a dire warning and urged users to patch.
Instead, a hacker group has been using a demo BlueKeep exploit released by the Metasploit team back in September to hack into unpatched Windows systems and install a cryptocurrency miner.
This BlueKeep campaign has been happening at scale for almost two weeks, but it's been only spotted today by cybersecurity expert Kevin Beaumont.
At one point in the future, some low-skilled threat actor will figure out how to run BlueKeep properly, and that's when we'll see it used more broadly. Chances are that it's still going to be used to mine cryptocurrency -- the same thing for which EternalBlue is also mostly used nowadays.
Despite having months to patch systems, the latest headcount of publicly-accessible Windows systems that expose an RDP endpoint online and are vulnerable to BlueKeep is at around 750,000. These scans don't include systems inside private networks, behind firewalls.
(Excerpt) Read more at zdnet.com ...
Scripts and vulnerabilities are the problem. Exploits take advantage of unpatched vulnerabilities.
A lot of the benefit Openurmind talks to with Linux could be approximated by logging into your Windows computer through a non-Administrator-equivalent user account. You can make one of these accounts in the User Accounts area in Windows.
I know you're just joking. But actually, I suspect this malware could not affect/infect Win95 anyway, since it's not NT-based.
That is one positive, along with USB support in OSR2! To the tune of "Oh our old Lasalle ran great," read with rose-colored glasses.
I stand corrected to a point. When I say cookies are getting smarter I speak of tracking cookies that can infect your browser while in use, such as tracking cookies. Scripts and exploits are indeed the problem, especially “drive by downloads”. Which goes back to my original well intentioned and correct premise that clearing cookies, and blocking cookies, does not protect you from the scripts. Only a good script blocker can do this, and daily they figure out ways to get around even these. Now and then the script count doesn’t always add up to the same number of scripts blocked in my blocker list; this means while my blocker does count them, it doesn’t see them or who they are associated with and does not give any options with these. At least they are being blocked by default, I think...? They are hidden so I’m not sure.
Your suggestion to use a different account in windows is great, I wonder how come it is not more prevalent as common knowledge and practiced more especially for surfing. But I wonder how many will actually make the effort to switch back and forth as needed? I still like the linux concept that one has to root into a whole different isolated partition. I like having three different partitions keeping everything isolated away from each other rather than everything on one partition as default like windows. For myself this is the huge difference in system security. I also like not needing an antivirus at all.
But I have a curiosity because I really don’t know if you don’t mind? But if you are logged in a non-admin account in windows is it absolutely secure? Probably not a good idea to access the shared folders and downloaded files from admin? Just curious so that I can add it to my limited knowledge base and help friends who have windows. :)
Sadly, you can't patch XP and Vista anymore, and it's getting close to the point where you won't be able to patch Win7 either. Best to move off to a real operating system. Linux Mint is friendly enough for many folks.
This is a reasonable article on this matter:
To be successful, malware and other security exploits frequently leverage the powers of highly privileged Windows user accounts. It’s not entirely a shock, then, that a new report reveals that 86 percent of all Windows security threats patched in 2015 would have been stopped or rendered toothless if they had attacked users who were using limited, rather than administrator, accounts, and hence lacked the power to install, modify or delete software.
How to Set Up Limited User Accounts in Windows 10
https://www.laptopmag.com/articles/limited-user-accounts-windows-10
Remember, the ISC knows your external IP address, your name and physical address and can sell this information to others.
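The limited-account setup the linked article walks through can also be done from PowerShell. The script below is an added example, not taken from the thread or from the linked article: it creates a standard (non-administrator) local account and then lists every account that currently holds local admin rights, so you can confirm the new account is not one of them. It assumes Windows 10 with the built-in LocalAccounts cmdlets and an elevated prompt; the account name `dailyuser` is an assumption.

```powershell
# Added example (not from the thread): create a standard local account for everyday use
# and audit which accounts hold local admin rights. Assumes Windows 10 / LocalAccounts
# module, run from an elevated prompt. The account name is an assumption.
$UserName = 'dailyuser'   # assumed name for the limited account

# Prompt for the password instead of embedding it in the script.
$Password = Read-Host -Prompt "Password for $UserName" -AsSecureString

if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $UserName -Password $Password `
        -FullName 'Daily use (standard user)' `
        -Description 'Limited account for browsing and everyday work' | Out-Null
}

# Membership of the local Users group is what makes this a standard account.
# It is deliberately NOT added to Administrators. (New-LocalUser does not add the
# account to Users on its own, so do it explicitly; ignore "already a member" errors.)
Add-LocalGroupMember -Group 'Users' -Member $UserName -ErrorAction SilentlyContinue

# Audit: every account that currently has local admin rights. Anything beyond the
# built-in Administrator and one dedicated admin account deserves a second look.
$admins = Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, PrincipalSource, ObjectClass
$admins | Format-Table -AutoSize

# Confirm the new account is not among them. Names come back as COMPUTER\user,
# so match on a backslash followed by the account name at the end of the string.
if ($admins.Name -match "\\$UserName$") {
    Write-Warning "$UserName is a member of Administrators; remove it with Remove-LocalGroupMember."
} else {
    Write-Host "$UserName is a standard user (not in Administrators)."
}
```

Log on with the standard account for day-to-day work and keep the administrator account for installs and configuration changes; the audit step is worth re-running occasionally, since installers sometimes add accounts to Administrators.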
Thank you for sharing that, I can’t believe that so many are not hip to this. While it might be slightly inconvenient it is well worth the extra effort to practice it. I still run into people who are annoyed with needing to password with everything in Linux. But to be safer it really is worth the extra effort in both cases.
I’m still curious though if you don’t mind, maybe I missed it, but would there be any vulnerabilities from accessing and using the guest account downloaded shared folders and files from admin? Or would it be a good practice to just not do this?
True in general, however Microsoft issued out-of-band, way-past-EOL patches for XP and Vista, specifically for BlueKeep, in May 2019.
"...Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705..."
That page provides patches for XP, Vista, and the associated releases of Windows Server.
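The article's count of exposed, unpatched RDP endpoints and the KB discussion above both come down to a few checks on each host: is Remote Desktop enabled, is Network Level Authentication (NLA) required so a client must authenticate before a session is created, does the firewall allow inbound TCP 3389, and is the BlueKeep update installed. The script below is an added example, not from the thread or from Microsoft, that performs those checks on the local machine. It assumes a supported Windows version with the NetSecurity module and an elevated prompt. KB4500705 is the out-of-support package quoted above; the KB number for a supported build differs and is left as a placeholder you must fill in.

```powershell
# Added example (not from the thread or from Microsoft): audit this host for the
# conditions discussed above. Assumes a supported Windows version with the
# NetSecurity module, run from an elevated prompt.
# KB4500705 is the out-of-support (XP/2003) package quoted in the thread; the
# second entry is a placeholder for the update matching your build.
param(
    [string[]]$KbIds = @('KB4500705', 'KB<your-build-specific-update>')  # placeholder
)

$findings = [ordered]@{}

# 1. Is Remote Desktop enabled? fDenyTSConnections = 1 means RDP is switched off.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
$findings['RDP enabled'] = ($ts.fDenyTSConnections -eq 0)

# 2. Is NLA required? UserAuthentication = 1 forces the client to authenticate
#    before a session is created, which limits what an unauthenticated client can reach.
$nla = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
        -Name UserAuthentication -ErrorAction SilentlyContinue
$findings['NLA required'] = ($nla.UserAuthentication -eq 1)

# 3. Does any enabled inbound firewall rule allow TCP 3389?
$rdpRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' }
$findings['Firewall allows inbound 3389'] = [bool]$rdpRules

# 4. Is one of the listed updates installed?
$installed = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $KbIds -contains $_.HotFixID }
$findings['Listed update installed'] = [bool]$installed

[PSCustomObject]$findings | Format-List

# RDP reachable, no NLA, and no update present is the combination the article's
# 750,000 figure counts. Patch first; until then require NLA or disable RDP.
if ($findings['RDP enabled'] -and -not $findings['NLA required'] -and -not $findings['Listed update installed']) {
    Write-Warning 'RDP is enabled without NLA and no listed update is installed: patch, or require NLA / disable RDP until patched.'
}
```

The firewall check only says whether this host itself would accept the connection; whether it is reachable from the internet also depends on the perimeter, which is why the article's scan numbers exclude machines behind firewalls.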
HA! Didn't know that. Thanks! (not that I have any XP/Vista still hanging around)