#splashtop — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #splashtop, aggregated by home.social.
-
An unknown threat actor is abusing a remote management tool called #TiFLUX as an initial access vector, targeting a broad range of potential victims by email. The attacks using this Brazil-originated commercial utility began in February, but really ramped up in April and the beginning of this month.
The lures employ a variety of #spam tropes, including bogus event invitations and business invoices/bills.
TiFLUX seems uniquely vulnerable to this kind of abuse; the installer package also installs an old version of UltraVNC as well as a vulnerable #loldriver that can elevate privileges. Weirdest of all, the attackers are also using this RMM to deploy other heavily-abused RMMs, including #Splashtop and #ScreenConnect, to the devices that get hit. Those RMMs are connecting to IP addresses associated with known bulletproof hosts.
This is my first post at the @huntress blog: https://www.huntress.com/blog/tiflux-rmm-install
-
CVE Alert: CVE-2022-50693 - Splashtop - Splashtop - https://www.redpacketsecurity.com/cve-alert-cve-2022-50693-splashtop-splashtop/
#OSINT #ThreatIntel #CyberSecurity #cve-2022-50693 #splashtop
-
I have now moved on to Splashtop's Wired XDisplay. It does not do wireless and is slightly more fiddly to set up, but it also does not require an account or sign-in of any kind and is a ONE-TIME purchase on the Play Store, and only $6.99 (there is also a free version but it can be used only ten minutes at a time).
I am normally a proponent of subscription pricing in software, but I'll take the better deal when I can.