April 25, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – ICS: : Advantech WISE-PaaS/RMM Multiple Vulnerabilities
November 4, 2019Rewterz Threat Alert – Office 365 Phishing Campaign Baits Employees with Pay Raises
November 4, 2019Rewterz Threat Advisory – ICS: : Advantech WISE-PaaS/RMM Multiple Vulnerabilities
November 4, 2019Rewterz Threat Alert – Office 365 Phishing Campaign Baits Employees with Pay Raises
November 4, 2019
Severity
High
Analysis Summary
It has been almost six months since an eye opening vulnerability in Microsoft Windows RDP CVE 2019-0708, dubbed BlueKeep, was patched. Today, Security Researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screen of Death) across his network of BlueKeep Honeypots.
Kevin kindly shared the crash dump with us and following this lead, we discovered the sample was being used in a mass exploitation attempt. Due to only smaller size kernel dumps being enabled, it is difficult to arrive at a definite root cause.
Impact
Coinmining
Affected Vendors
Microsoft
Affected Products
- Windows 7
- Windows Server 2008 R2
- Microsoft Windows Server 2008
- Windows XP (Out of support)
- Windows 2003 (Out of support)
Remediation
- Block the threat indicators at their respective controls.
- Immediately apply updates that patch the BlueKeep vulnerability.