Access, Information Security and Systems administration

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. The security incident was discovered during a routine screening by its internal security team, an internal investigation is still ongoing. Pierluigi Paganini.

Access

Access Systems administration Data breaches Security

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. Threat actors were also observed uploading and use custom webshells to enable network access [T1505.003].

Ransomware

Ransomware Systems administration Cybersecurity Encryption

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Department of Justice , RSOCKS offered clients access to IP addresses assigned to devices that had been hacked: “A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., “I opened an American visa for myself, it was not difficult to get.

Sales

Sales Access Systems administration Marketing

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The security researcher Eaton Zveare has exploited a vulnerability in Toyota’s Global Supplier Preparation Information Management System (GSPIMS) to achieve system admin access to Toyota’s global supplier management network. made it easy to find accounts that had elevated access to the system.

Systems administration

Systems administration Passwords Access Authentication

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

SSCP from (ISC)2 is a mid-level certification designed for IT administrators, managers, directors, and network security professionals responsible for the hands-on operational security of their organization’s critical assets. Candidates must have at least one year of paid work experience in one of the exam’s topic areas.

Cybersecurity

Cybersecurity Systems administration Information Security Compliance

How Microsoft Training Boosts an ISO 27001 Qualification

IT Governance

FEBRUARY 17, 2022

If you’re serious about information security, you should consider gaining a Microsoft qualification. ISO 27001 is often considered the go-to qualification for information security professionals. The most comprehensive advice comes via ISO 27017, the international security standard for Cloud services.

Cloud

Cloud Systems administration Information Security Security

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. Original post at [link].

Authentication

Authentication Access Systems administration Military

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

Last week, the company finally released security updates to fix the CVE-2020-4006 zero-day flaw in Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Affected versions are: VMware Workspace One Access 20.10 (Linux) VMware Workspace One Access 20.01 (Linux) VMware Identity Manager 3.3.1

Systems administration

Systems administration Access Cybersecurity Authentication

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The attacks are part of a large-scale campaign that also resulted in unauthorized access to a Soliton file shared storage used by the Japanese Prime Minister’s Cabinet Office staff. The vendor recommended changing system administrator account, reset access control, and installing the latest available version. and V5.0.3.

Systems administration

Systems administration Government Access Security

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware to access multinational companies’ networks. ” reads the joint advisory.

Cybersecurity

Cybersecurity Systems administration Access Government

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Systems administration

Systems administration Military Phishing Government

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The module has full access to all the firmware, hardware, software, and operating system installed on the server. . The persistence achieved by tampering this module allows the malware to survive to the re-installation of the operating system. The level of sophistication of these attacks suggests the involvement of an APT group.

Systems administration

Systems administration Access Cybersecurity Security

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

.” reads the security advisory published by the vendor. “These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware.”

Ransomware

Ransomware Systems administration Authentication Security

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The investigation into the incident revealed that operators at the plant were using out-of-date Windows 7 systems and poor account passwords, and the desktop sharing software TeamViewer was used by the attackers to breach the network of the plant. Identify and suspend access of users exhibiting unusual activity. Windows 10).

Passwords

Passwords Systems administration Risk Access

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” “Threat actors have been keen to exploit the popularity of these tools, promising unrestrictive access. ” concludes the report.

Systems administration

Systems administration Access Cybersecurity Security

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools. “Royal’s initial access utilized the basic service domain service account, connecting to a server. ” reads the report.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. md , and that they were a systems administrator for sscompany[.]net.

Analytics

Analytics Passwords Systems administration Retail

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The complaint states that the Company failed to implement basic industry-accepted data security measures to protect PHI from unauthorized access, and did not have adequate controls in place. The complaint also states that the Company’s “information security policies were deficient and poorly documented.”

Data breaches

Data breaches Computer and Electronics Security Insurance

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

Cisco has released security patches to fix 17 vulnerabilities affecting its networking and unified communications product lines. The types of fixed vulnerabilities include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries. ” reads the advisory published by Cisco.

Systems administration

Systems administration Passwords Communications Access

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

The website is a clone of the website of Convergent Network Solutions Ltd , Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang. Once gained access to the target network, the threat actors could then drop malware and ransomware. .

Ransomware

Ransomware Cybersecurity Systems administration Access

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

MAY 17, 2018

The Georgia State Senate had recently voted 42-7 to approve SB 315, which criminalized unauthorized computer access with maximum penalties of up to one year of incarceration and a fine of $5,000. SB 315 faced opposition from both private companies and information security researchers.

Systems administration

Systems administration Cybersecurity Information Security Insurance

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

Security Affairs

AUGUST 16, 2023

An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access.” System administrators need to be aware that adversaries can exploit edge devices to place backdoors that persist even after updates and / or reboots.”

Systems administration

Systems administration Cloud IT Access

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

The attackers also targeted Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices to use them as additional access points to route command and control (C2) traffic and midpoints to carry out attacks on other entities. ” reads the advisory published by the US agencies.

Authentication

Authentication Passwords Systems administration Manufacturing

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function.

Systems administration

Systems administration Security IT Access

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

.” Customers can check whether their NAS is exposed online by using the Security Counselor, a built-in security portal for QNAP NAS devices. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router.

Ransomware

Ransomware Security Encryption Systems administration

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

JULY 2, 2020

Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.

Risk

Risk Systems administration Authentication Access

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Systems administration

Systems administration Security Access IT

Your CVSS Questions Answered

IT Governance

FEBRUARY 9, 2024

Most security professionals and companies provide CVSS scores alongside any vulnerabilities they find when performing a security assessment. This framework – with its own scoring system – focuses on software and its various weaknesses, such as improper input validation, memory safety and access control.

IoT

IoT Risk Security Access

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” ” “NSA adds its encouragement to immediately patch to mitigate against this still current threat.”

Systems administration

Systems administration Military Access Security

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

In May, the FBI and CISA also warned cyber attacks coordinated by Beijing and attempting to steal COVID-19 information from US health care, pharmaceutical, and research industry sectors. Keep operating system patches up-to-date. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.

Healthcare

Healthcare Passwords Government Systems administration

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

. “A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. ” reads the security advisory published. The authentication bypass flaw affects HPE Edgeline Infrastructure Manager (EIM) version 1.21. “A

Authentication

Authentication Passwords Systems administration Cloud

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

According to the CISA alert, the attackers used the above technique to deliver the BLINDINGCAN remote access trojan (RAT) (aka DRATzarus) and access the victim’s system for reconnaissance purpose. In April, the U.S.

Military

Military Systems administration Government Access

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. ” reads the report published by Kaspersky.

IT

IT Systems administration Military Cybersecurity

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. ” continues the post. ” continues the analysis.

Authentication

Authentication Passwords Encryption Systems administration

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The gang leverages exposed remote administration services and internet-facing vulnerabilities to gain and maintain access to victim networks. Custom tools After the initial access, Makop criminals are still using an old tool dated back to their first operations in cyberspace.

Ransomware

Ransomware Encryption Passwords Systems administration

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

The vulnerability could be exploited by attackers to gain access to the TMUI component to execute arbitrary system commands, disable services, execute arbitrary Java code, and create or delete files, and potentially take over the BIG-IP device. System administrators need to upgrade to fixed versions ASAP.

Honeypots

Honeypots Systems administration Passwords Cybersecurity

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

“According to the affidavit, foreign law enforcement agents, working in coordination with the FBI, gained lawful access to Emotet servers located overseas and identified the Internet Protocol addresses of approximately 1.6 ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cleanup

Cleanup Systems administration Ransomware Security

FTC Posts Third Blog in Its “Stick with Security” Series

Hunton Privacy

AUGUST 9, 2017

As we previously reported , the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. Physical confidential data should be secured in a filing cabinet, locked desk drawer or other secure location.

IT

IT Security Systems administration Passwords

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

A “pairing certificate” will be generated and the permissions set on this file are the following: As you can see, users have only read access to this file. You need a user shell access on the Windows machine. He can define himself “security enthusiast”, interested in all emerging technologies in offensive and defensive security.

Systems administration

Systems administration Access Security Communications

What Is an Insider Threat? Definition, Types, and Examples

IT Governance

APRIL 25, 2023

A malicious threat can be an employee, contractor or business partner who is liable to leak sensitive information. Preventing this from happening requires a nuanced approach to information security, and it’s one that organisations are increasingly struggling with. We explain everything you need to know in this blog.

Data breaches

Data breaches Phishing Personal data Access

Best beginner cyber security certifications

IT Governance

SEPTEMBER 13, 2021

The CompTIA Security+ qualification is widely considered to be one of the best introductions to the cyber security industry. System administrator Network administrator Security administrator IT auditor Security analyst or security specialist Security consultant.

Security

Security Systems administration Honeypots Risk

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Using VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams across the world. The flaw can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access. ” continues the advisory. x before 10.0.0.2, x before 9.7.0.5,

Cloud

Cloud Systems administration Authentication Passwords

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. A quick examination of the publicly accessible profile of the Moscow-based server swiftly uncovered a peculiarity.

Ransomware

Ransomware Systems administration IT Access

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. In recent years, Cluley has been well-known for his cybersecurity analysis, blog, and award-winning podcast Smashing Security. Denial-of-Suez attack. Jack Daniel | @jack_daniel.

Cybersecurity

Cybersecurity e-Discovery Passwords Information Security

Yandex security team caught admin selling access to users’ inboxes

FBI and CISA published a new advisory on AvosLocker ransomware

Trending Sources

Meet the Administrators of the RSOCKS Proxy Botnet

Researcher compromised the Toyota Supplier Management Network

15 Top Cybersecurity Certifications for 2022

How Microsoft Training Boosts an ISO 27001 Qualification

Hacker breaches key Russian ministry in blink of an eye

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Hackers are targeting Soliton FileZen file-sharing servers

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

StealthWorker botnet targets Synology NAS devices to drop ransomware

FBI’s alert warns about using Windows 7 and TeamViewer

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Who and What is Behind the Malware Proxy Service SocksEscort?

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Cisco fixes a static default credential issue in Smart Software Manager tool

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

China-linked threat actors have breached telcos and network service providers

Caketap, a new Unix rootkit used to siphon ATM banking data

How to secure QNAP NAS devices? The vendor’s instructions

Critical Apache Guacamole flaws expose organizations at risk of hack

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Your CVSS Questions Answered

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

US govt agencies share details of the China-linked espionage malware Taidoor

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

CISA’s MAR warns of North Korean BLINDINGCAN RAT

North Korea-linked Lazarus APT targets the IT supply chain

USBAnywhere BMC flaws expose Supermicro servers to hack

Dissecting the malicious arsenal of the Makop ransomware gang

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

FTC Posts Third Blog in Its “Stick with Security” Series

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

What Is an Insider Threat? Definition, Types, and Examples

Best beginner cyber security certifications

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected