A botnet is brute-forcing over 1.5 million RDP servers all over the world

Furthermore, statistics show that despite BlueKeep, most RDP attacks today are brute-force attempts.

Security researchers have discovered a new botnet that has been attacking Windows systems running a Remote Desktop Protocol (RDP) connection exposed to the Internet.

The botnet was discovered by Renato Marinho of Morphus Labs, who says it has been seen attacking 1,596,571 RDP endpoints, a number that will most likely rise in the coming days. Named GoldBrute, the botnet works as follows:

  1. The botnet brute-forces and gains access to a Windows system via RDP.
  2. It downloads a ZIP file with the GoldBrute malware code.
  3. It scans the internet for new RDP endpoints that are not part of the main GoldBrute list of RDP endpoints.
  4. After it finds 80 new RDP endpoints, it sends the list of IP addresses to its remote command-and-control server.
  5. The infected host receives a list of IP addresses to brute-force. For each IP address, there’s only one username and password the bot must try to authenticate with. Each GoldBrute bot gets a different username and password combo.
  6. The bot performs the brute-force attack and reports the result back to the C&C server.

Source: ZDNet
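Steps 5 and 6 mean that a targeted server sees a single attempt from each bot, so a rule that counts failures per source IP stays silent. The Python detection below is an added example, not code from the ZDNet article or Morphus Labs; it counts distinct low-volume sources per time window instead. The log format, thresholds and addresses are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

def sample_log():
    """Constructed failed-logon records (e.g. reduced from Windows event 4625):
    'timestamp source_ip username'. Addresses are documentation ranges."""
    base = datetime(2019, 6, 6, 12, 0, 0)
    # 30 different sources, one attempt each, each with a different username.
    lines = [f"{(base + timedelta(seconds=15 * i)).isoformat()} 203.0.113.{i + 1} user{i}"
             for i in range(30)]
    # One conventional single-source brute-forcer two hours later, for contrast.
    lines += [f"{(base + timedelta(hours=2, seconds=i)).isoformat()} 198.51.100.7 admin"
              for i in range(8)]
    return lines

def parse(lines):
    """Turn log lines into time-sorted (timestamp, source_ip, username) tuples."""
    events = []
    for line in lines:
        ts, ip, user = line.split()
        events.append((datetime.fromisoformat(ts), ip, user))
    return sorted(events)

def per_source_alerts(events, max_failures=5):
    """Classic rule: flag any single source with more than max_failures failures."""
    counts = Counter(ip for _, ip, _ in events)
    return sorted(ip for ip, n in counts.items() if n > max_failures)

def distributed_alerts(events, window=timedelta(minutes=10),
                       min_sources=20, max_per_source=2):
    """Flag windows in which many distinct sources each fail only a few times."""
    alerts, start = [], 0
    for end in range(len(events)):
        # Slide the window start forward until it spans at most `window`.
        while events[end][0] - events[start][0] > window:
            start += 1
        counts = Counter(ip for _, ip, _ in events[start:end + 1])
        quiet = sum(1 for n in counts.values() if n <= max_per_source)
        if quiet >= min_sources:
            alerts.append((events[start][0], events[end][0], quiet))
            start = end + 1  # begin a fresh window so one burst alerts once
    return alerts

if __name__ == "__main__":
    events = parse(sample_log())
    print("per-source rule:", per_source_alerts(events))
    for first, last, n in distributed_alerts(events):
        print(f"distributed rule: {n} low-volume sources between {first} and {last}")
```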

China’s Big Brother Social Control Goes to Australia

Source: The Epoch Times

Australia is preparing to debut its version of the Chinese regime’s high-tech system for monitoring and controlling its citizens. The launch, to take place in the northern city of Darwin, will include systems to monitor people’s activity via their cell phones.

The new system is based on monitoring programs in Shenzhen, China, where the Chinese Communist Party (CCP) is testing its Social Credit System. Officials on the Darwin council traveled to Shenzhen, according to NT News, to “have a chance to see exactly how their Smart Technology works prior to being fully rolled out.”

In Darwin, they’ve already constructed “poles, fitted with speakers, cameras and Wi-Fi,” according to NT News, to monitor people, their movements around the city, the websites they visit, and what apps they use. The monitoring will be done mainly by artificial intelligence, but will alert authorities based on set triggers.

‘We have been cheated’: Australia’s biggest cities dudded with inferior NBN, research shows

If you live in one of Australia’s biggest cities there’s a one in two chance that you’ll be dudded with an inferior NBN connection.

Those are the explosive findings of a new study of the scandal-plagued $51 billion taxpayer-funded national broadband network.

Around half of all homes in Sydney, Melbourne and Brisbane will be connected to the NBN via the oldest and most controversial of the patchwork of technologies available, research by the University of Sydney and Arizona State University has found.

The team of researchers collected data on the “footprints of technologies” currently or about to be in place in Australia’s three major metropolitan cities.

The data suggested that between 40 and 60 per cent of homes in those cities would be connected via “very old technology” known as hybrid fibre-coaxial (HFC).

Source: thenewdaily.com.au

Australian Government Ignores Experts in Advancing Its Anti-Encryption Bill

Source: www.eff.org

The Australian government has ignored the expertise of researchers, developers, major tech companies, and civil liberties organizations by charging forward with a disastrous proposal to undermine trust and security for technology users around the world.

On September 10, the Australian government closed the window for receiving feedback about its anti-encryption and pro-surveillance “Access and Assistance” bill. A little more than a week and more than 15,000 comments later, the Minister for Home Affairs introduced a largely-unchanged version of the bill into the House of Representatives.

The issue isn’t whether the Australian government read the 15,000 comments and ignored them, or refused to read them altogether. The issue is that the Australian government couldn’t have read the 15,000 comments in such a short time period. Indeed, the bill’s few revisions reflect this—no security recommendations are included.

Are you prepared for a ransomware attack?

Source: Malwarebytes.com

Spotlight on Troldesh ransomware, aka ‘Shade’

Posted: March 6, 2019 by Pieter Arntz 
Last updated: March 5, 2019

Despite the decline in the number of ransomware infections over the last year, there are several ransomware families that are still active. Ransom.Troldesh, aka Shade, is one of them. According to our product telemetry, Shade has experienced a sharp increase in detections from Q4 2018 to Q1 2019.

When we see a swift spike in detections of a malware family, that tells us we’re in the middle of an active, successful campaign. So let’s take a look at this “shady” ransomware to learn how it spreads, what its symptoms are, why it’s dangerous to your business, and how you can protect against it.