2014, Security and Systems administration - Information Management Today

Chinese Hackers Stole an NSA Windows Exploit in 2014

Schneier on Security

MARCH 4, 2021

Here’s the timeline : The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control.

Systems administration

Systems administration Government IT

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

MAY 25, 2020

Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280 , in the call-center software Unified Contact Center Express. Cisco released a set of security patches , including one for a critical flaw in its call-center software Unified Contact Center Express, tracked as CVE-2020-3280.

Systems administration

Systems administration Security IT Information Security

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

JUNE 10, 2022

The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive. Adconion was acquired in June 2014 by Amobee , a Redwood City, Calif.

Marketing

Marketing Government Systems administration Sales

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Systems administration

Systems administration Encryption Communications Security

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

Cisco has released security updates to address 17 vulnerabilities affecting its networking and unified communications product lines. Cisco has released security patches to fix 17 vulnerabilities affecting its networking and unified communications product lines. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Systems administration

Systems administration Passwords Communications Access

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.

Sales

Sales Access Systems administration Marketing

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. Keep operating system patches up-to-date. v1 , U.S. .

Healthcare

Healthcare Passwords Government Systems administration

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. . Using a previous version of Exim leaves a system vulnerable to exploitation. ” concludes NSA.

Systems administration

Systems administration Military Access Security

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Systems administration

Systems administration Security IT Information Security

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Systems administration Encryption Passwords

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

The recent CurveBall vulnerability shook the Info-Sec community worldwide: a major vulnerability reported directly by the US National Security Agency. Even cryptographically signed files and emails are exposed to spoofing and tampering , violating the core parts of the threat models most of the company use to secure their businesses.

Systems administration

Systems administration Risk Communications Security

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. The bad aspect of the story is that even if security patches have been available for months, ISPs and owners of the home routers still have installed them. Pierluigi Paganini. Pierluigi Paganini.

Mining

Mining Systems administration Security Access

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

IT

IT Systems administration Military Cybersecurity

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn. System administrators need to upgrade to fixed versions ASAP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. A proof-of-concept exploit is now publicly available.

Honeypots

Honeypots Systems administration Passwords Cybersecurity

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. . System administrators need to employ security best practices with the systems they manage.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Honeypots Libraries Archiving

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

Oracle has just released a security update to prevent 2.3 The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. Since its launch, RPCBIND has been receiving updates that cover several failures, including security. This, however, is the most serious finding so far.

Systems administration

Systems administration Authentication Security IT

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. In April, the U.S.

Military

Military Systems administration Government Access

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. The issue was first discovered by security researcher Özkan Mustafa Akku? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Systems administration Authentication Security

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

“These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security,” according to the report. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. .” states the report. ” reported The Washington Post. .

IT

IT Data breaches Systems administration Passwords

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

Archiving

Archiving Systems administration Cybersecurity IT

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Experts pointed out that a Docker Engine is not properly secured could be exposed to remote attack through Docker Engine API. Security Affairs – Docker APIs, hacking).

Mining

Mining Systems administration Encryption Authentication

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs.

Honeypots

Honeypots Systems administration Passwords IoT

Five Eyes Intelligence agencies warn of popular hacking tools

Security Affairs

OCTOBER 12, 2018

Security agencies belonging to Five Eyes (United States, United Kingdom, Canada, Australia and New Zealand) have released a joint report that details some popular hacking tools. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Security Affairs – Five Eyes, hacking ). Credential Stealer: Mimikatz.

Systems administration

Systems administration Communications Cybersecurity Security

Google will shut down consumer version of Google+ earlier due to a bug

Security Affairs

DECEMBER 11, 2018

Google announced it will close the consumer version of Google+ before than originally planned due to the discovery of a new security flaw. “A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered.

Systems administration

Systems administration Access Security IT

Wireshark fixed three flaws that can crash it via malicious packet trace files

Security Affairs

SEPTEMBER 2, 2018

” reads the security advisory published for the CVE-2018-16057 flaw. “To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. Administrators are advised to monitor affected systems.

IT

IT Systems administration Access Security

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

.” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. The vulnerability could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

Systems administration

Systems administration Authentication Security IT

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data. The Windows Background Intelligent Transfer Service (BITS) service is a built-in component of the Microsoft Windows operating system. ” continues the report.

Systems administration

Systems administration Encryption Communications Security

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product. In 2014, the U.S.

Marketing

Marketing Systems administration Sales Passwords

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

Then the attackers used the stolen information to target into customer systems. “Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S.

Cloud

Cloud IT Systems administration Phishing

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

SEPTEMBER 2, 2019

online ad firm that acquired Adconion in 2014, bills itself as the world’s leading independent advertising platform. For many years, Dye was a system administrator for Optinrealbig , a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra.

Marketing

Marketing Government Systems administration Metadata

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. “The lengthy delay for the cleanup routine to activate may be explained by the need to give system administrators time for forensics analysis and checking for other infections.”

Cleanup

Cleanup Systems administration Ransomware Security

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

Archiving

Archiving Systems administration Cybersecurity IT

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Its author maintains Orcus is a legitimate R emote A dministration T ool that is merely being abused, but security experts say it includes multiple features more typically seen in malware known as a R emote A ccess T rojan. Tips from international private cyber security firms triggered the investigation.”. In 2014, the U.S.

Marketing

Marketing Passwords Systems administration Access

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Security Affairs

NOVEMBER 28, 2018

Cisco has released a new round of security patches to address potentially serious WebExec Webex flaw first addressed one month ago. Cisco advisory reveals that the vulnerability could be also exploited remotely by leveraging the operating system remote management tools. when running on a Microsoft Windows end-user system. .

IT

IT Systems administration Authentication Security

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

Disclosure timeline: 13th September 2019: We submitted the issue to product-security@apple.com 18th September 2019: Apple asked us the resend the screen shots 10th October 2019: Apple told us that they were planning to address this issue in a future update 30th October 2019: Apple released version 12.10.2 Pierluigi Paganini.

Systems administration

Systems administration Access Security Communications

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. Pierluigi Paganini.

Authentication

Authentication Passwords Encryption Systems administration

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

The security breach was discovered by an analyst at Lockheed Martin that immediately informed the organization. ” Cyber security experts believe the attack was carried out by the China-linked APT group LuckyMouse (aka Emissary Panda , APT27 and Threat Group 3390, and Bronze Union). .” “ reports Radio-Canada.

Systems administration

Systems administration Communications Access Cybersecurity

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

And the Cybersecurity and Infrastructure Security Agency (CISA) added 15 more vulnerabilities to its list of actively exploited vulnerabilities. CVE-2014-4404 : An RCE vulnerability caused by buffer overflow in old Apple’s products (iOs before 8 and Apple TV before 7) allows attackers to execute arbitrary code in a privileged context.

Ransomware

Ransomware Encryption Agriculture Cybersecurity

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

Hladyr is suspected to be a system administrator for the group. He is currently detained in Spain pending the United States’ request for extradition. ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Sales

Sales Systems administration Phishing Access

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

Yakubets is considered the leader of the gang behind the Bugat malware and botnet , the cybercrime group known as Evil Corp, while Turashev allegedly was tasked with other functions, including system administration, management of the internal control panel, and oversight of botnet operations. Pierluigi Paganini.

Systems administration

Systems administration Ransomware IT Security

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

eSecurity Planet

AUGUST 4, 2023

As cloud computing evolves, so has cloud security, and buyers in the market for cloud security solutions may find themselves facing a dizzying array of acronyms, like CNAPP, CWPP, CSPM, and CIEM. Securing all those new cloud environments and connections became a job for cybersecurity companies.

Cloud

Cloud Compliance Risk Access

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

This report is meant for incident response or Linux forensics purpose, TO HELP admin & IR folks ”, with this the very beginning sentence starts the new analysis of one of the most talented reverser of the worldwide extended security community, the head of MalwareMustDie team, Mr. unixfreaxjp. Non-Technical-Premise. On the MMD blog.

Communications

Communications Encryption Systems administration Security

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956 , that could be abused to takeover corporate servers. Experts from Citadelo discovered the issue while conducting a security audit of the cloud infrastructure.of

Cloud

Cloud Systems administration Authentication Passwords

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Throughout 2013 and 2014, PCs infected with Gameover were seeded with Cryptolocker , an early, much-copied ransomware strain allegedly authored by Bogachev himself.

Ransomware

Ransomware Systems administration Phishing Encryption

Chinese Hackers Stole an NSA Windows Exploit in 2014

Cisco fixed a critical issue in the Unified Contact Center Express

Webinars

Trending Sources

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Webinars

A member of the FIN7 group was sentenced to 10 years in prison

Cisco fixes a static default credential issue in Smart Software Manager tool

Meet the Administrators of the RSOCKS Proxy Botnet

US govt agencies share details of the China-linked espionage malware Taidoor

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Yomi Hunter Catches the CurveBall

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

North Korea-linked Lazarus APT targets the IT supply chain

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Backdoored Webmin versions were available for download for over a year

CIA elite hacking unit was not able to protect its tools and cyber weapons

FireEye experts found source code for CARBANAK malware on VirusTotal?

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Roboto, a new P2P botnet targets Linux Webmin servers

Five Eyes Intelligence agencies warn of popular hacking tools

Google will shut down consumer version of Google+ earlier due to a bug

Wireshark fixed three flaws that can crash it via malicious packet trace files

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Orcus RAT Author Charged in Malware Scheme

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

FireEye experts found source code for CARBANAK malware on VirusTotal?

Canadian Police Raid ‘Orcus RAT’ Author

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

USBAnywhere BMC flaws expose Supermicro servers to hack

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

US authorities charged Dridex gang members for stealing over $100 Million

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Ransomware Gangs and the Name Game Distraction

Stay Connected