Yandex security team caught admin selling access to users’ inboxes

Security Affairs

Russian internet and search company Yandex discloses a data breach: a system administrator was selling access to thousands of user mailboxes. The security incident was discovered during a routine screening by its internal security team; an internal investigation is still ongoing.

OpenSSL Fixes Flaws That Could Lead to Server Takedowns

Data Breach Today

System Administrators Advised to Update to Latest Version That Addresses 2 Vulnerabilities. Users of the OpenSSL crypto library should upgrade immediately to the latest version to eliminate serious flaws that attackers could exploit to shut down servers, some security experts warn.

Dead System Admin's Credentials Used for Ransomware Attack

Data Breach Today

Sophos: 'Ghost' Accounts Present a Potential Security Danger. The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos.

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Yet all organizations today, no matter their size or sector, face the same daunting security challenge: how to preserve the integrity of their IT systems when the attack surface is expanding and intrusion attempts are intensifying. There are a lot of moving parts to modern IT systems.

Edward Snowden in His Own Words: Why I Became a Whistle-Blower

WIRED Threat Level

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

Boosting Security Effectiveness with 'Adjuvants'

Dark Reading

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

This was an early indicator of how far most schools have to go in adopting an appropriate security posture. However, these inconveniences of enforcing passwords and using waiting rooms are completely reasonable if you want to ensure a secure, private meeting.”

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

Threatpost

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

Micro-segmentation is a fresh approach to defending company networks that is actually a throwback to a 30-year-old security concept, called network segmentation. It gives system administrators a way to secure each microsegment, separately.

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

The National Security Agency (NSA) warns that Russia-linked hackers are exploiting a recently patched VMware flaw in a cyberespionage campaign. VMware Workspace ONE allows simple and secure delivery and management of any app on any device.

Can smart cities be secured and trusted?

Thales Cloud Protection & Licensing

This scenario seems smart, but is it secure? There’s just one problem…these massive, radical, interconnected technology systems also raise serious privacy and security concerns. As smart cities move from concept to reality, securing their foundation will become a top priority to ensure trust and privacy while providing improved city services and a higher quality of life. The cost of a security failure. Best practices to secure smart cities. Data securit

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Saurabh told me he developed a passion for helping organizations improve the efficiencies of their security operations. Today there exists a widening shortage of security analysts talented and battle tested enough to make sense of the rising tide of data logs inundating their SIEM systems.

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.

How to start your career in cyber security

IT Governance

There has never been a better time to get into cyber security, with growing demand for experts promising increased salaries and job opportunities. In this blog, we provide tips for getting your cyber security career started no matter your background. Technically, you don’t need any cyber security experience to get started, though many people entering the field will come from jobs that have similar skillsets, such as systems administration or information analysis.

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.”

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes. Ransomware, business email compromises and direct ACH system hacks continue to morph and intensify.

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI alert also warns of the risk of using the Windows 7 operating system, which reached end-of-life on January 14, 2020.

Working BlueKeep Exploit Developed by DHS

Threatpost

The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw.

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280, in the call-center software Unified Contact Center Express. ” reads the security advisory published by Cisco.

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. The news of the attack was also confirmed by the popular cybersecurity researcher Kevin Beaumont, who reported that threat actors are using the two issues to bypass all Windows OS security by shutting down VMs and encrypting the VMDKs directly on the hypervisor.

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

Cisco has released security updates to address 17 vulnerabilities affecting its networking and unified communications product lines.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. ” But on Friday, Florence Mayor Steve Holt confirmed that a cyberattack had shut down the city’s email system.

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

“When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system.”

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to take over corporate servers.

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

Security Affairs

The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram transport.

Nick Jovanovic, VP Federal of Thales eSecurity Federal, Speaks to Media about Data Security

Thales Cloud Protection & Licensing

Nick Jovanovic, VP Federal of Thales eSecurity Federal (a division of TDSI), recently spoke with Federal Tech Talk’s John Gilroy about federal agency data security and key findings from the 2018 Thales Data Threat Report, Federal Government Edition. During the interview Jovanovic conveys the idea that many federal agencies are focused on end point security, which is focusing on the wrong area. He suggests that protecting data that is on your system should be the focus.

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

The National Security Agency (NSA) is warning that a Russia-linked APT group tracked as Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. The U.S.

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

million individuals from the Company’s systems. According to the complaint, over a period of 19 days, hackers were able to infiltrate the Company’s computer systems. The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

“We will continue with our security audits to ensure this is an isolated incident,” announced the blog. While the unprotected passwords were, according to Google, still protected within their “secure encrypted infrastructure,” the amount of time the issue went undetected is cause for concern for many security experts. “[E]ven if it’s only internal it still creates a substantial privacy and security concern,” said TrustedSec CEO David Kennedy to Wired Magazine.

Will Autonomous Security Kill CVEs?

ForAllSecure

of them – are labeled as a security vulnerability. of all vulnerabilities were found by fuzzing (3,849 security vulnerabilities found by fuzzing divided by 17,161, the total number of security-critical vulnerabilities found). So far, OSS-Fuzz has found over 16,000 defects, with 3,345 of them labeled as security related (20%!). Many of the security-critical bugs are never reported or given a CVE number. Many are security-critical.

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

Security researchers discovered multiple critical reverse RDP vulnerabilities in the remote desktop application Apache Guacamole. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems.

Yomi Hunter Catches the CurveBall

Security Affairs

The recent CurveBall vulnerability shook the Info-Sec community worldwide: a major vulnerability reported directly by the US National Security Agency.

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

According to his LinkedIn profile, Schulte worked for the NSA for five months in 2010 as a systems engineer; after this experience, he joined the CIA as a software engineer, and he left the CIA in November 2016.

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea.