Hello Readers!
Welcome to the Free Friday edition of Inside Security. Today, I'm giving you a treat, offering my RANSOMWARE ROUNDUP premium feature for free. If you'd like to receive this regular feature in your inbox, start your FREE 14-day trial of Inside Security Premium today while the offer lasts. When you do, you'll also be able to access past and future exclusive content, like:
Thanks for your support!
Fred
Thousands of unprotected servers running the Microsoft Remote Desktop Protocol (RDP) service are being used by cybercriminals to launch distributed denial-of-service (DDoS) attacks, NETSCOUT researchers warned. Attackers are able to abuse RDP for UDP reflection/amplification DDoS attacks.
More from NETSCOUT:
- Microsoft's RDP service provides remote virtual desktop infrastructure access to Windows-based workstations and servers.
- Around 33,000 vulnerable Windows RDP servers have been identified by NETSCOUT.
- The firm has observed DDoS attack sizes ranging from 20 Gbps to 750 Gbps using this technique.
SECURITY WEEK
Drupal has fixed a critical vulnerability in a third-party library that is being exploited in the wild. The bug is caused by a flaw in the PEAR Archive_Tar library used by the content management system (CMS).
More:
- The PEAR Archive_Tar library bug enables write operations with directory traversal due to inadequate checking of symbolic links.
- In its security advisory, Drupal recommends updating to the latest version of its platform.
- Drupal is the fifth most popular CMS behind WordPress, Shopify, Joomla, and Squarespace.
BLEEPING COMPUTER
An ADT home security technician admitted to hacking into home cameras of more than 200 customers to spy on them in their homes. Telesforo Aviles told a court that he carried out the spying by adding his personal email address to accounts on ADT Pulse, an app that enables customers to check on their security cameras remotely.
More from DoJ:
- Aviles said he focused his hacking on homes with attractive women and spied on them during intimate moments.
- During a four-and-a-half-year period, he accessed customer accounts more than 9,600 times without their consent.
- Aviles faces up to five years in federal prison.
BUZZ FEED
Intel said that someone hacked into its newsroom websites and stole an infographic containing the company's fourth-quarter financial results. This forced the company to release its results before the stock market closed on Thursday, according to Chief Financial Officer George Davis.
More:
- Prior to the hack, Intel had planned to publish its fourth-quarter financial results after the stock market closed at 4 p.m.
- The company's stock increased 6.5% in response to the early release of its financial results.
- An Intel spokesperson said that the company is investigating the breach.
CYBERSCOOP
The U.K. Department of Education gave laptops infected with malware to disadvantaged students. The laptops, provided to children who are unable to afford computers for homeschooling during the lockdown, apparently contained a Russian worm called Gamarue.I.
More:
- Gamarue.I is a member of the Gamarue family of malware that can change security settings, download malware, and take control of a computer.
- The department contracted with Geo to supply the laptops to the students.
- The infected laptops were provided to schools in Bradford, England.
BBC
RANSOMWARE ROUNDUP: (This premium content first appeared in the Jan. 19 issue of Inside Security.)
- At least 2,354 U.S. governments, healthcare facilities, and schools suffered ransomware attacks in 2020, according to the latest stats from security firm Emsisoft. In some cases, the attacks caused life-threatening disruption to operations.
- CHwapi hospital in Tournai, Belgium, was hit by a ransomware attack that forced it to cancel all non-urgent operations and resort to paper records.
- FIN11, a cybercriminal group, has begun employing CL0P ransomware to target top executives at companies, according to research from Deutsche Telekom.
- IObit, a Windows utility developer, was breached by hackers who launched DeroHE ransomware attacks against forum members. The attackers sent phishing emails to members offering them a free one-year software license with a "Get It Now" link that actually led to ransomware.
- The Scottish Environment Protection Agency is struggling to recover from a Christmas Eve ransomware attack that encrypted files, disrupted operations, and resulted in the theft of 1.2 GB of data. The agency's contact center, internal systems and processes, and internal communications have been disrupted.
- Wentworth golf and country club in the U.K. is warning its 4,000 members that a ransomware attack may have resulted in the disclosure of their personal data. The exposed information includes members' names, dates of birth, home addresses, email addresses, phone numbers, and last four digits of bank account numbers.
- MalwareHunterTeam has discovered a new Android-based ransomware that appears related to the Lucy ransomware.
- GrujaRS found a new HiddenTear variant called ByteLocker that encrypts files without adding an extension.
As previously reported in Inside Security:
- Video game maker Capcom said the personal data of more than 16,000 individuals was stolen by Ragnar Locker ransomware attackers.
- Intel's new 11th Gen Core vPro mobile processor includes added ransomware protection that sits below the operating system (OS).
QUICK HITS:
- President Biden has ordered U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack.
- Close to 2 million user records, stolen from MyFreeCams.com a decade ago, have shown up for sale on a hacker forum.
- Colliers International Group, a Canadian commercial real estate firm, was hit by a ransomware attack that resulted in a data breach.
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Charlotte Hayes-Clemens is an editor and writer based in Vancouver. She has dabbled in both the fiction and non-fiction world, having worked at HarperCollins Publishers and more recently as a writing coach for new and self-published authors. Proper semi-colon usage is her hill to die on.