(google.com / Mandiant) Windows Remote Desktop Protocol: Remote to Rogue - Analysis of Novel Russian APT Campaign

https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/

As always a very good write-up and detailed analysis of some novel use of RDP by Russian APTs. Involves signed RDP, and interesting proxy-behaviour.

Worth reading (as always!)

#Cybersecurity #ThreatIntel #Russia #APT #RDP #

No hace falta pagar para tener un escritorio remoto: Rustdesk es Open Source y funciona a las mil maravillas en el móvil https://blog.elhacker.net/2025/04/rustdesk-escritorio-remoto-rdp-gratis.html #softwarelibre #escritorio #rust #rdp

This week in #FDroid (TWIF) is live:

- #afreerdp / #freerdp big update for your #rdp needs
- #DeltaChat & #ArcaneChat message edits & deletes
- Hello new #Fossify Calc, goodbye old Calc
- #Jami welcomes #Skype refugees
+ 7 new apps
+ 231 updates
& 170 archived apps

Scroll by https://f-droid.org/2025/03/27/twif.html

Windows 11 24H2から古いサーバーへのリモートデスクトップ接続で切断が頻発する問題 – 窓の杜 https://www.yayafa.com/2249327/ #RDP #RDS #SCIENCE #Science&Technology #Technology #Windows #インターネット #システム #システム・ファイル #テクノロジー #デスクトップ #ネットワーク #リモートデスクトップサービス #リモートデスクトップ接続 #科学 #科学＆テクノロジー

if you are using #bazzite (i'm running #gnome #nvidia) and are successfully using the #RDP Remote Login service, please let me know how you set that up, because i can authenticate to the service but WindowsApp on #iPadOS gets stuck on "Configuring remote PC" and eventually fails.

DollyWay Malware campaign Targets WordPress Sites

The full text of this year's £1.3bn World War Two-related cyber-attack on the Russian government, as compiled by the European Union's Institute for Strategic Studies.

Pulse ID: 67dc0896bfa5087942de08a4
Pulse Link: https://otx.alienvault.com/pulse/67dc0896bfa5087942de08a4
Pulse Author: cryptocti
Created: 2025-03-20 12:22:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Windows 11: bug elimina Copilot dal sistema operativo
#Aggiornamenti #Avvio #BSOD #Bug #Copilot #Crash #Errore #Laptop #Marzo2025 #Microsoft #Mouse #Notizie #PatchTuesday #PC #Problemi #RDP #Tastiera #TechNews #Tecnologia #USB #Windows10 #Windows11

https://www.ceotech.it/windows-11-bug-elimina-copilot-dal-sistema-operativo/

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

A sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout page, collected payment and billing information, sending it to a malicious server. A PHP backdoor allowed remote system command execution, while a reconnaissance script gathered server information. The attack demonstrates the evolving complexity of e-commerce platform threats, emphasizing the need for strict security measures, regular scans, proper access controls, and timely updates to prevent such exploits.

Pulse ID: 67d52aad906732f7bad24dfa
Pulse Link: https://otx.alienvault.com/pulse/67d52aad906732f7bad24dfa
Pulse Author: AlienVault
Created: 2025-03-15 07:22:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign

A recent investigation uncovered a malicious JavaScript injection affecting WordPress websites, redirecting visitors to unwanted third-party domains. The attack vector involves a two-stage redirection process, injecting code into theme files and loading external scripts. The malware creates hidden elements to force redirects, potentially leading to phishing pages, malvertising, exploit kits, or scam sites. At least 31 infected websites were identified, with domains like awards2today[.]top and chilsihooveek[.]net involved. The infection methods include compromised admin accounts, exploited vulnerabilities, inadequate file permissions, and hidden PHP backdoors. Impacts include traffic loss, reputation damage, SEO blacklisting, and risks of further infections. Detection involves inspecting network activity and file modifications, while prevention measures include regular security audits, updates, strong passwords, and web application firewalls.

Pulse ID: 67ca751fcb0a0f73661e1ad4
Pulse Link: https://otx.alienvault.com/pulse/67ca751fcb0a0f73661e1ad4
Pulse Author: AlienVault
Created: 2025-03-07 04:25:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

WordPress Sites Infected with JavaScript Backdoors

Pulse ID: 67c99b589c7595756d5be142
Pulse Link: https://otx.alienvault.com/pulse/67c99b589c7595756d5be142
Pulse Author: cryptocti
Created: 2025-03-06 12:55:52

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

WordPress Sites Infected with JavaScript Backdoors

Pulse ID: 67c99b5bc3bf00dfe74bc5e9
Pulse Link: https://otx.alienvault.com/pulse/67c99b5bc3bf00dfe74bc5e9
Pulse Author: cryptocti
Created: 2025-03-06 12:55:55

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

https://www.forbes.com/sites/daveywinder/2025/03/02/hacker-access-to-your-small-business-costs-600-on-the-dark-web/ #cybersecurity #cybercrime #remoteaccess #VPN #RDP

Is it me, or has the latest versions of Remmina had a regression where it does not respect the custom resolution set in RDP connections and just passes through the current display resolution of the client to the RDP host?

I'm seeing the same issue with both the Fedora and the Flathub packages and with both a Windows 10 VM and a Debian (trixie) VM.

The #RDP server in #Windows 10 Pro keeps changing its certificate. I have to pretty much blindly trust that any change in certificate is legit and not an MITM attack. It also won't let me set a certificate myself.

Apparently #Microsoft considers basic #infosec to be a premium enterprise feature.

#Windows, #MacOS, #VNC, generally all GUIs in #retrocomputing:
“Just draw into local video RAM.”

#X11, #RDP:
“Send all draw calls over a network socket! Sophisticated! Impressive! Network transparent!”

#Wayland, RDPv7.1:
“Just draw into local video RAM.”

What is everyone using for #rdp to #windows clients? I've noticed the recent (guessing within the last year) for Windows 11 causes weird issues and artifacts with older Windows clients.

What are some good, 3rd party utilities? Thanks!

#Kimsuky hackers use new custom #RDP Wrapper for remote access

https://www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-custom-rdp-wrapper-for-remote-access/

Extended #GNOME desktop to a color #eink note over #RDP protocol, suprisingly good for documentation or a terminal. No need for a full-blown usb-c eink screen.

It's darkly funny that #wayland not having any working equivalent of X11 forwarding always seems to be met with "well why would you want to be displaying a single app, don't you want to just do the whole desktop via #RDP or such?"

and then it's like okay so do Wayland stacks support that natively and the answer is also no