Critical vulnerability in RDP affects Windows operating systems

In recent days, a critical vulnerability has been detected in several versions of the Windows operating system.

Identified as CVE-2019-0708, and better known as BlueKeep, this vulnerability would allow an unauthenticated attacker to execute code remotely by exploiting a flaw in Remote Desktop Services (RDP).

The versions of Windows affected by this vulnerability are the following:

• Windows 7
• Windows Server 2008 R2
• Windows Server 2008
• Windows XP
• Windows Server 2003

Microsoft released patches that correct this problem in its latest update, in May 2019. It is very important to apply this update.

Additionally, we recommend validating that your Remote Desktop (RDP) services are not exposed to the Internet. This can be done by blocking TCP port 3389 on perimeter network devices.
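
One way to validate this from outside the perimeter, as an added example that is not part of the original article: it assumes Python 3 and an inventory of your own public addresses, and the addresses and host name in the inventory below are constructed placeholders.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORT = 3389  # TCP port the article says to block at the perimeter


def rdp_port_state(host, port=RDP_PORT, timeout=3.0):
    """Classify a TCP port as 'open', 'closed', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # RST came back: reachable host, no listener
    except socket.gaierror:
        return "unresolved"    # name did not resolve
    except OSError:
        return "filtered"      # timeout or unreachable, e.g. dropped by a firewall


def audit(hosts, port=RDP_PORT, timeout=3.0, workers=16):
    """Probe every host concurrently and return {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: rdp_port_state(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def exposed(results):
    """Hosts whose RDP port accepted a connection and still need blocking."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with your own public addresses.
    inventory = ["192.0.2.10", "192.0.2.11", "rdp-gw.example.com"]
    results = audit(inventory)
    for host, state in results.items():
        print(f"{host:25} tcp/{RDP_PORT} {state}")
    if exposed(results):
        raise SystemExit("RDP reachable on: " + ", ".join(exposed(results)))
```

Run it from a machine outside the perimeter: every address should come back `filtered` or `closed`, and any `open` result means the block on TCP 3389 is not in effect for that host.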

Redbanc employee, victim of social engineering on LinkedIn

Redbanc is a Chilean company that provides transaction processing services to the main banks in that country, fulfilling an extremely important role in the economic sector.

During the last few months, it was revealed that one of the company’s IT workers was the victim of a social engineering attack when he received a job proposal through the social network LinkedIn.

This information reached senator Felipe Harboe, who has used Twitter to ask the company for an official statement.

“I am informed that by the end of December @redbanc suffered an informatic attack on its banking interconnection network. It would be good for the company to show the magnitude, risks and control measures of such an attack.” - Felipe Harboe (@felipeharboe) January 8, 2019

The attackers pretended to be recruiters who were looking for people to work as developers. Once the victim contacted them, they agreed to a video call via Skype. During the meeting, the attackers sent him a file called ‘ApplicationPDF.exe’, which the victim had to complete to finish the application. This occurred within the corporate network.

If it weren’t for the security systems implemented by the company, the attackers could have accessed the internal network and harmed the business in multiple ways. Theft of customer information (PII), theft of credit card information (PCI), denial of service, and deterioration of the corporate image are some of the consequences that could have followed if this attack had been carried out successfully.

How is it possible for IT employees themselves to fall into this trap?

Cybercriminals use a form of social engineering known as phishing which, in this case, involves creating scams through social networks that are difficult for anyone to detect. This type of attack does not require great technical knowledge (a penetration test is not carried out, at least in the first stage).

Even if the employee works in the IT area, he has the same needs and weaknesses as any other person (aspirations, acting with confidence, etc.). A climate of security awareness at the corporate level is required to reduce the likelihood of incidents arising from this threat.