Hiring Managers Looking for Systems Administrators

Cllax

When your company is on the hunt for systems administrators, you can be forgiven if you feel like the deck is stacked against you. The position is a hard one. Guest Post

Your next move: Cloud systems administrator

Information Management Resources

Becoming a cloud systems administrator allows you to be on the leading edge of systems technology in heavily virtualized environments, in an IT niche that will grow

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

6 reflections on the key role that system administrators play

Information Management Resources

In recognition of July 27 as System Administrator Appreciation Day, six technology executives share their thoughts on why these professionals are so vital to the organization. Hardware and software Data management Data types

Edward Snowden in His Own Words: Why I Became a Whistle-Blower

WIRED Threat Level

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act. Backchannel Security

Why you don’t want to run a roll-your-own cloud

DXC

But, but, as someone who cut his teeth on Unix system administration back in the 80s, I also run my own smaller private clouds using a homebrew of programs. Thanks to my job, I have accounts on many public clouds. I also have production private clouds — open-source OpenStack and NextCloud spring to mind. Self-hosting […]. Cloud

Boosting Security Effectiveness with 'Adjuvants'

Dark Reading

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program

Interview: Streamlining the student experience with Jamf and AppConfig

Jamf

This interview with Matt Green, is an Apple System Administrator at Lubbock-Cooper ISD, outlines his use of a powerful yet rarely-discussed feature of MDM: Managed App Configuration. We sat down with Matt to discuss the apps that are helping in this time of distance learning, and the power that AppConfig brings to admins

MDM 67

Working BlueKeep Exploit Developed by DHS

Threatpost

The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000. Hacks Vulnerabilities bluekeep Bluekeep exploit critical vulnerability DHS Exploit Microsoft WannaCry Windows 2000

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

Threatpost

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks. Malware backdoor EternalRomance follow on attacks Monero pyromine remote desktop ShadowBrokers smb1

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators. But the Cambridge researchers note that each takedown creates further repetitive, tedious, work for the administrators to set up their sites anew.

Simplify records management while improving information governance

OpenText Information Management

Challenge: Your organization has many users involved in the lifecycle management of important information assets–from knowledge workers to legal associates to system administrators and, yes, Records Managers.

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf. A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston , 22, of Macon, Ga.,

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google has begun contacting system administrators whose organizations would have been affected by the glitch to encourage them to change their passwords. Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005.

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. based cybersecurity firm Hold Security , KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang. ” But on Friday, Florence Mayor Steve Holt confirmed that a cyberattack had shut down the city’s email system.

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

” CVE-2020-1350 is just the latest worry for enterprise system administrators in charge of patching dangerous bugs in widely-used software. The Windows Server isn’t the only nasty one addressed this month that malware or malcontents can use to break into systems without any help from users. Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. . “The mining attempt… quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “[t]here is no direct evidence that private customer data, passwords or other information has been compromised. .

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system.” The issue could be exploited by supplying a malformed Java object to a specific listener on an vulnerable system. Administrators should update their Unified CCE installs as soon as possible.

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

“CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 , U.S. Keep operating system patches up-to-date. Do not add users to the local administrators group unless required.

Nick Jovanovic, VP Federal of Thales eSecurity Federal, Speaks to Media about Data Security

Thales eSecurity

He suggests that protecting data that is on your system should be the focus. When Edward Snowden used his credentials as a system administrator to access thousands of pages of sensitive information, companies like Thales eSecurity Federal sought out solutions that gave “granular” access to the document. In other words, a system administrator should be able to maintain the system without seeing what is in the files he is backing up or transferring.

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems. Memory hacking is being carried out across paths that have been left comparatively wide open to threat actors who are happy to take full advantage of the rather fragile framework of processes that execute deep inside the kernel of computer operating systems.

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.”

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product.

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

This begins with securing sensitive school district records, belonging not just to students, faculty and staff, and includes monitoring and protecting online payment systems, now sure to come under expanded Business Email Compromise ( BEC ) attacks. In addition, an added MFA layer for administrators of these resources can be added to verify sensitive actions, such as configuration changes.”

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

Here are the key takeaways: Micro-managing workloads Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog. It gives system administrators a way to secure each microsegment, separately. Agile software innovation is the order of the day. Wonderous digital services are the result.

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

“When the user opens this drive ( or remote share) in Windows Explorer or any other application that parses the.LNK file, the malicious binary will execute code of the attacker’s choice on the target system.” Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them.

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

Citadelo experts were able to perform the following actions triggering the vulnerability: View content of the internal system database, including password hashes of any customers allocated to this infrastructure. Modify the system database to steal foreign virtual machines (VM) assigned to different organizations within Cloud Director. Researchers disclosed a flaw in VMware Cloud Director platform, tracked as CVE-2020-3956 , that could be abused to takeover corporate servers.

Cloud 71

ITALY: First GDPR fine issued!

DLA Piper Privacy Matters

the database of the Rousseau system to guarantee the integrity of data and at least the ex-post control of the activities carried out on the system which remained an unsolved issue. Additionally, the Garante challenged that system administrators were using shared accounts with quite large privileges in the operation of the platform.

GDPR 81

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

According to the CISA alert, the attackers used the above technique to deliver the BLINDINGCAN remote access trojan (RAT) (aka DRATzarus) and access the victim’s system for reconnaissance purpose.

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” “Administrators can update Exim Mail Transfer Agent software through their Linux distribution’s package manager or by downloading the latest version from [link]. The U.S.

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. One such go-to APT technique is to remotely leverage legit administrative tools to carry out malicious activities — under cover. The recent network breach of Wipro , a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.

Lousy IoT Security

Schneier on Security

DTEN makes smart screens and whiteboards for videoconferencing systems. Arbitrary code execution: unauthenticated root shell access through Android Debug Bridge (ADB) leads to arbitrary code execution and system administration (CVE-2019-16273). Access to Factory Settings: provides full administrative access and thus a covert ability to capture Windows host data from Android, including the Zoom meeting content (audio, video, screenshare) (CVE-2019-16272).

IoT 63

Legendary Help: Keeping benefits running despite historic unemployment

Rocket Software

with many states’ mission-critical systems hobbled by similar rates of increase at around the same time. There’s a reason why banks, governments, and so many other businesses rely on IBM Z mainframes for their critical IT infrastructure: the newest IBM Z systems can process 2.5

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. A Russian-speaking hacker, who goes by the name of Alexey, claims to have hacked into over 100,000 MikroTik routers with a specific intent, disinfect them. Earlier August, experts uncovered a massive crypto jacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic.

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

Rezvesz maintains his software was designed for legitimate use only and for system administrators seeking more powerful, full-featured ways to remotely manage multiple PCs around the globe. This makes it harder for targets to remove it from their systems. According to Rezvesz himself, he is no stranger to the Canadian legal system.

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines. Security researchers discovered multiple critical reverse RDP vulnerabilities in the remote desktop application Apache Guacamole. Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway.

Risk 68

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network. The concept was based on the root access that the accounts provided to IT and systems administrators, who used these power accounts to maintain the network and systems.

Access 123

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

Today there exists a widening shortage of security analysts talented and battle tested enough to make sense of the rising tide of data logs inundating their SIEM systems. Rising implementations of cloud services and IoT systems, not to mention the arrival of 5G, has quickened the pace of software development and multiplied data handling complexities. It’s all about making a software system that’s able to access those human capabilities,” Saurabh says.

Thangrycat: A Serious Cisco Vulnerability

Schneier on Security

That said, Thrangrycat only works once you have administrative access to the device. Attack #1 gets you remote administrative access, Attack #2 is Thrangrycat. people have your systems well secured and are applying updates and patches consistently and you're not a regular target of nation-state actors, you're relatively safe from Attack #1, and therefore, pretty safe from Thrangrycat. Many systems don't even have administrative access configured correctly.

Google will shut down consumer version of Google+ earlier due to a bug

Security Affairs

No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.” “A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered.

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. “This one seems to target enterprise systems.”