Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
The Threat
Since October 23, 2019, wide-scale exploitation of BlueKeep (CVE-2019-0708) has been observed in the wild, delivering crypto-currency miners to vulnerable systems; the activity was first discovered by security researcher Kevin Beaumont [1]. Microsoft released security patches for BlueKeep in May 2019. It is highly recommended to install the patches on all vulnerable systems if this action has not been taken already.
What we’re doing about it
What you should do about it
Additional information
CVE-2019-0708 is a critical vulnerability affecting Microsoft Remote Desktop Protocol (RDP). If exploited, a remote and unauthenticated attacker can execute arbitrary code on vulnerable systems or cause a denial of service. This vulnerability is especially concerning as user interaction is not required and it is wormable; meaning that a determined threat actor could create a self-propagating exploit. However, at this time, no worms employing CVE-2019-0708 have been identified in the wild.
For additional technical details, see the blogpost BlueKeep (CVE 2019-0708) exploitation spotted in the wild, by Marcus Hutchins [4].
Affected Windows Versions still supported by Microsoft:
Affected Windows Versions no-longer supported by Microsoft:
References
[1] https://doublepulsar.com/bluekeep-exploitation-activity-seen-in-the-wild-bd6ee6e599a6
[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708