Hiring Managers Looking for Systems Administrators

Cllax

When your company is on the hunt for systems administrators, you can be forgiven if you feel like the deck is stacked against you. The position is a hard one.

Your next move: Cloud systems administrator

Information Management Resources

Becoming a cloud systems administrator allows you to be on the leading edge of systems technology in heavily virtualized environments, in an IT niche that will grow

6 reflections on the key role that system administrators play

Information Management Resources

In recognition of July 27 as System Administrator Appreciation Day, six technology executives share their thoughts on why these professionals are so vital to the organization.

Payment Card Theft Ring Tech Leader Gets 10-Year Sentence

Data Breach Today

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7

A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

OpenSSL Fixes Flaws That Could Lead to Server Takedowns

Data Breach Today

System Administrators Advised to Update to Latest Version That Addresses 2 Vulnerabilities

Users of the OpenSSL crypto library should upgrade immediately to the latest version to eliminate serious flaws that attackers could exploit to shut down servers, some security experts warn.

Edward Snowden in His Own Words: Why I Became a Whistle-Blower

WIRED Threat Level

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

Threatpost

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

Russian internet and search company Yandex discloses a data breach: a system administrator was selling access to thousands of user mailboxes. The employee was one of three system administrators with the necessary access rights to provide technical support for the service.

Why you don’t want to run a roll-your-own cloud

DXC

But, but, as someone who cut his teeth on Unix system administration back in the 80s, I also run my own smaller private clouds using a homebrew of programs. Thanks to my job, I have accounts on many public clouds. I also have production private clouds — open-source OpenStack and NextCloud spring to mind. Self-hosting […].

Boosting Security Effectiveness with 'Adjuvants'

Dark Reading

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program

Interview: Streamlining the student experience with Jamf and AppConfig

Jamf

This interview with Matt Green, an Apple System Administrator at Lubbock-Cooper ISD, outlines his use of a powerful yet rarely-discussed feature of MDM: Managed App Configuration.

The right way to migrate to the cloud: All in, but with the right tools – New white paper

Quest Software

Learn the right way from this DCIG paper on system administration practices and performance monitoring tools.

Working BlueKeep Exploit Developed by DHS

Threatpost

The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.

5 ways containerization can help Documentum administrators

OpenText Information Management

IT and system administrators struggle to maintain and upgrade complex, highly customized content management platforms. And that’s just to manage the basics.

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

Threatpost

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

Chinese Hackers Stole an NSA Windows Exploit in 2014

Schneier on Security

Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control.

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

The flaw is a command injection bug that could be exploited by attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. An attacker could exploit this vulnerability to take control of an affected system.”

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

The CVE-2021-20655 vulnerability could be exploited by a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The vendor recommended changing the system administrator account, resetting access control, and installing the latest available version.

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware.” But on Friday, Florence Mayor Steve Holt confirmed that a cyberattack had shut down the city’s email system.

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

As digital transformation kicks into high gear, it’s certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses. Yet all organizations today, no matter their size or sector, face the same daunting security challenge: how to preserve the integrity of their IT systems when the attack surface is expanding and intrusion attempts are intensifying. There are a lot of moving parts to modern IT systems.

Simplify records management while improving information governance

OpenText Information Management

Challenge: Your organization has many users involved in the lifecycle management of important information assets–from knowledge workers to legal associates to system administrators and, yes, Records Managers.

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google has begun contacting system administrators whose organizations would have been affected by the glitch to encourage them to change their passwords. Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005.

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts from being taken over.

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

CVE-2020-1350 is just the latest worry for enterprise system administrators in charge of patching dangerous bugs in widely-used software. Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files.

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems.

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

System administrators are recommended to update their VMWare ESXi installs or disable SLP support to secure them. Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks.

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The FBI alert also warns of the risk of using Windows 7 operating system that has reached end-of-life on January 14, 2020.

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

More than a dozen versions of software are impacted, running on operating systems ranging from CentOS 7, Red Hat Enterprise Linux, SUSE and multiple versions of Windows, according to HPE. “A

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system.” The issue could be exploited by supplying a malformed Java object to a specific listener on a vulnerable system.

Latest on the SVR’s SolarWinds Hack

Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R.

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value.

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

Here are the key takeaways: Micro-managing workloads Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog.

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

This begins with securing sensitive school district records, belonging not just to students, faculty and staff, and includes monitoring and protecting online payment systems, now sure to come under expanded Business Email Compromise (BEC) attacks.

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. Memory hacking is being carried out across paths that have been left comparatively wide open to threat actors who are happy to take full advantage of the rather fragile framework of processes that execute deep inside the kernel of computer operating systems.

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

“When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system.”