BlueKeep Attacks Crash Systems Due to Meltdown Patch

BlueKeep Attacks Crash Systems Due to Meltdown Patch

The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines.

The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of Windows, in May.

The BlueKeep attacks used an exploit based on a Metasploit module released in September. While the attackers attempted to deliver a Monero miner, the exploit caused many of the targeted systems to crash, which actually led to researchers discovering the attacks.

Researcher Sean Dillon, aka zerosum0x0, who is one of the developers of the BlueKeep Metasploit module, has conducted an analysis and determined that the exploit likely causes devices to crash due to the presence of a patch for the Intel CPU vulnerability known as Meltdown. Dillon said his BlueKeep exploit development setup did not have the Meltdown patch installed, which is why he did not observe the crashes.

The researcher has proposed a fix that should make the exploit more reliable. In the meantime, Kevin Beaumont, the expert whose honeypots caught the BlueKeep exploitation attempts, says he has deployed more sensors, including ones that have been configured to make exploitation more stable. However, he stopped seeing attacks three days ago.

Beaumont’s honeypots started crashing on October 23, but he only realized that the crashes were caused by BlueKeep exploitation attempts on November 2. After Beaumont reported seeing attacks, Microsoft admitted that it had started noticing an increase in RDP-related crashes right after the Metasploit module was released in September.

Microsoft has once again advised customers to install the patches and warned that the exploit will likely also be used to deliver more “impactful and damaging” payloads.

While Microsoft and many others were concerned that the BlueKeep vulnerability would be used to create a worm, similar to how the EternalBlue exploit was used by the WannaCry ransomware back in 2017, the recent attacks did not involve a self-propagation component.

However, Marcus Hutchins, aka MalwareTech, the British researcher who helped Microsoft and Beaumont analyze the BlueKeep attacks, pointed out that attackers do not need to create a worm to launch profitable attacks and users should not ignore the threat just because a worm has not been created.

“Most BlueKeep vulnerable devices are servers. Generally speaking, Windows servers have the ability to control devices on the network. Either they’re domain admin, have network management tools installed, or share the same local admin credentials with the rest of the network,” Hutchins explained.

“By compromising a network server, it is almost always extremely easy to use automated tooling to pivot internally (Ex: have the server drop ransomware to every system on the network),” the researcher added.

“The real risk with BlueKeep is not a worm. A worm is pointless and noisy. Once an attacker is on the network, they can do far more damage with standard automated tools than they could ever do with BlueKeep,” Hutchins said.

There are still roughly 700,000 systems that appear to be vulnerable to BlueKeep attacks and the fact that malicious actors have started exploiting the flaw in the wild does not appear to have had any positive impact on patching efforts. The SANS Institute’s Internet Storm Center reported that the media coverage of the recent attacks does not appear to have influenced the rate at which users patch their devices.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Source: BlueKeep Attacks Crash Systems Due to Meltdown Patch

Nimbus-T Set to Issue NTC Token on the Fusion Blockchain to Support Innovative Identity Management Application for the Healthcare Sector

Nimbus-T Set to Issue NTC Token on the Fusion Blockchain to Support Innovative Identity Management Application for the Healthcare Sector

Fusion Foundation, the non-profit organization building the next generation infrastructure for decentralized global finance, today announced its collaboration with Nimbus-T, a healthcare platform that provides secure identity management and authentication in the healthcare sector to prevent fraud, improve interoperability and preserve data integrity.

Nimbus-T will issue the NTC utility token on the Fusion blockchain to serve as the “gas” that supports transactions and data transfers on their application.

“We evaluated numerous blockchain projects to identify the best fit to support our development needs,“ said Jose Bolanos, CEO of Nimbus-T. “We landed on Fusion because of its innovative feature set and unique interoperability solution.”

Fusion’s interoperability protocol known as Distributed Control Rights Management (DCRM) is currently being enhanced by a team of well-known cryptographers and is due to be unveiled later this year. The technology will enable Nimbus-T to connect with existing healthcare infrastructure and blockchain systems while empowering patients to maintain privacy and control over their health records and medical identities.

”Nimbus-T are introducing innovative new infrastructure to support patients and hospitals with data privacy and storage,” said Dejun Qian, Founder and CEO of Fusion. We think this is a natural fit for blockchain technology and are excited to part of the healthcare revolution.”

Nimbus-T’s patented technology empowers patients to create an encrypted QR code that can be used as a global healthcare identifier. The QR code can be stored on paper, mobile or ID card and manages all relevant patient information for medical documentation, genomic health, insurance information and more. The QR code will be registered and managed on the Fusion blockchain and distributed via the NTC token, enhancing security and facilitating fluid information transfer for Nimbus-T users.


Hackers targeting Apple, Google app stores with malicious crypto apps

Hackers targeting Apple, Google app stores with malicious crypto apps

Hackers are targeting app stores from the likes of Apple and Google with malicious cryptocurrency apps to steal money and personal data, according to a study. Researchers at cybersecurity firm RiskIQ analyzed more than 18,000 apps to detect ones that are blacklisted by cybersecurity vendors. Their research found that 661 blacklisted cryptocurrency apps were found across 20 app stores including Apple’s App Store, Google Play and others.


South Korea’s Cryptocurrency Crackdown Isn’t Stopping This Bitcoin Exchange’s Launch – WSJ

South Korea’s Cryptocurrency Crackdown Isn’t Stopping This Bitcoin Exchange’s Launch – WSJ

Cryptocurrency platform OKCoin is planning to launch a bitcoin exchange in South Korea as soon as next month, a move that comes as the country’s government is considering whether to shut down cryptocurrency exchanges altogether.
Beijing-based OKCoin, which previously ran one of the biggest bitcoin exchanges in China before the government there banned cryptocurrency exchanges on the mainland, now plans to branch out to South Korea, another Asian hot spot for crypto trading. It has launched an OKCoin Korea website and has accepted preorder registrations for more than 150,000 people since Friday. The exchange intends to make some 60 digital coins available for trading.


Japan a global leader in cryptocurrency investment | The Japan Times

Japan a global leader in cryptocurrency investment | The Japan Times

Japan is the global leader in the market development of cryptocurrencies — a global buzzword recently — some of which have seen their values skyrocket over the past year.
As of Jan. 15, yen accounts for 56.2 percent of bitcoin, or BTC, the most popular cryptocurrency, according to Yen is followed by U.S. dollars at 28.4 percent, while all others account for 15.4 percent. Chinese yuan used to account for the largest until January 2017, but dropped after the state imposed strict restrictions on cryptocurrency trading.


Why Blockchains and Identity Go Together

Why Blockchains and Identity Go Together

One area of online life most ripe for disruption is identity: How does anyone really know you are who you say you are?

Nowadays, credit agencies and social networks like Facebook act as the main gatekeepers for identity. But a host of entrepreneurs are designing new solutions to this age-old Internet conundrum by using blockchain technology, the digital ledger system that underlies cryptocurrencies like Bitcoin.

A few such blockchain boosters participated in a panel discussion about identity at the Silicon Slopes conference in Salt Lake City, Utah on Thursday. There they claimed that these distributed, tamper-resistant databases can counter the monopolizing forces that have come to control people’s identities.

Read more:How Blockchain Could Replace Social Security Numbers

The most obvious failure of the current state of affairs is Equifax (efx), said Vinny Lingham, co-founder and CEO of Civic, a startup that offers identity verification via a blockchain.

“These centralized databases are central points of failure for your identity,” Lingham said, noting that in the case of a hack—as occurred with Equifax—all that information gets compromised.

“With the current model of identity, you’ve got honeypots,” said Timothy Ruff, co-founder and CEO of Evernym, a startup that has developed its own blockchain, Sovrin, to help people manage their identities. But in the blockchain world, “there is no big pile of data—it doesn’t exist,” he said.

Rather than sitting on a small set of web servers controlled by a single business, blockchain-based data can be dispersed across a sprawling network of machines. Advocates, like the ones on the panel, say this architecture can grant regular users more ownership over their own data.

Michael Sena, who heads product at uPort, an identity service built on the Ethereum blockchain, said that to be truly in control of one’s own identity—or “self-sovereign”—a person must be in control of the cryptographic keys that allow them to interact with an access said blockchains.

“To be self-sovereign, you can’t be dependent on a decentralized network,” Sena said. “There needs to be the ability for users to determine how they handle keys.”

Get Data Sheet, Fortune’s technology newsletter.

In other words, just because a blockchain is involved doesn’t magically mean people have more control over their data. The crypto keys, which function sort of like long, complex passwords for securing information, are, well, key.

“If you are the self-sovereign over something, you are the final authority,” Ruff said. “As morbid or brash as it sounds, you have to be able to fire your identity provider.”

If and when blockchain-based identity projects reach critical mass in terms of user adoption, they could help get more decentralized services—like cryptocurrency exchanges, file storage providers, and prediction markets—off the ground. For true believers, solving identity is the first step toward realizing what they deem to be the next wave of the web.

Lingham, despite being bullish on blockchains and their future, expressed skepticism about some of the present mania for cryptocurrencies. “Out of the 3,000-plus tokens out there, most of them are probably going to fail,” Lingham warned.

Source: Why Blockchains and Identity Go Together