Krebs on Security

MARCH 11, 2025

The final zero-day this month is CVE-2025-26633 , a weakness in the Microsoft Management Console , a component of Windows that gives system administrators a way to configure and monitor the system. As with the NTFS bugs, this one requires that the user mount a malicious virtual hard drive.

Systems administration 257

Systems administration Security Access IT 257

Data Breach Today

APRIL 19, 2021

Fedir Hladyr of Ukraine Admitted to Working as System Admin for FIN7 A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.

Systems administration 247

Systems administration IT 247

WIRED Threat Level

SEPTEMBER 22, 2019

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

Systems administration 232

Systems administration Security 232

Data Breach Today

AUGUST 16, 2023

Online Scans Show More Than 1,200 Patched NetScaler Devices Are Backdoored Hackers moved faster than system administrators to exploit a zero-day vulnerability in Citrix NetScaler appliances by dropping web shells that remain active even after a patch, warn Dutch security researchers.

Systems administration 242

Systems administration Security IT 242

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” concludes DoJ.

Systems administration 343

Systems administration Encryption Communications Security 343

Security Affairs

MAY 25, 2020

The issue could be exploited by supplying a malformed Java object to a specific listener on an vulnerable system. Administrators should update their Unified CCE installs as soon as possible. .” An unauthenticated, remote attacker could exploit the issue to execute arbitrary code as the root user on a vulnerable device.

Systems administration 332

Systems administration Security IT Information Security 332

Data Breach Today

OCTOBER 1, 2022

The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds. No Patch Yet Available Although Exploitation Requires Authenticated Access Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials.

Systems administration 223

Systems administration Authentication Access IT 223

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware 352

Ransomware Systems administration Authentication Security 352

Security Affairs

JANUARY 10, 2025

The alert issued by Japan NPA recommends System Administrators to: Implement centralized log management to track breaches, as logs are critical for identifying causes and scope. Use tools like SIEM or CISAs “Logging Made Easy” for log aggregation.

Systems administration 191

Systems administration Communications Manufacturing Government 191

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. Experts pointed out that the attacks begun before the vendor has fixed the issues, this means that we cannot exclude that threat actors have compromised organizations using the popular file-sharing servers.

Systems administration 321

Systems administration Government Access Security 321

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account. Read other sensitive data related to customers, like full names, email addresses or IP addresses.

Cloud 327

Cloud Systems administration Authentication Passwords 327

Collaboration 2.0

SEPTEMBER 6, 2024

On the other hand, Red Hat Enterprise Linux AI will help system administrators and developers alike. Many AI programs, despite all the hype, aren't that useful.

Systems administration 190

Systems administration IT 190

Security Affairs

FEBRUARY 20, 2020

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Systems administration 355

Systems administration Passwords Communications Access 355

Security Affairs

FEBRUARY 8, 2021

The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over. Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing.

Systems administration 353

Systems administration Phishing Security IT 353

Security Affairs

FEBRUARY 8, 2023

The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. made it easy to find accounts that had elevated access to the system. I eventually uncovered a system administrator email and was able to log in to their account.

Systems administration 246

Systems administration Passwords Access Authentication 246

Data Breach Today

JUNE 11, 2024

The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.

Ransomware 189

Ransomware Systems administration 189

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Additional technical details on the Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by Zero Day Initiative.

Systems administration 326

Systems administration Security IT Information Security 326

Krebs on Security

JANUARY 20, 2020

The 2016 story on BackConnect featured an interview with a former system administrator at FSF who said the nonprofit briefly considered working with BackConnect, and that the attacks started almost immediately after FSF told the company’s owners they would need to look elsewhere for DDoS protection.

Systems administration 361

Systems administration IoT IT Security 361

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets.

Systems administration 311

Systems administration Marketing Risk Security 311

Security Affairs

DECEMBER 30, 2021

One of the most outstanding capabilities of iLOBleed is the manipulation of the iLO firmware upgrade routine, when the system administrator tries to upgrade the iLO firmware, the malware simulates the version change while preventing the upgrade routine. . ” continues the report.

Systems administration 360

Systems administration Access Cybersecurity Security 360

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” Andrey Medov at Positive Technologies explains. The second one allows arbitrary code execution.

Systems administration 357

Systems administration Security Access IT 357

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies.

IT 341

IT Ransomware Systems administration Authentication 341

Security Affairs

DECEMBER 24, 2020

The attacks began last week, the systems administrator Marco Hofmann first detailed them. I found these source IP addresses of the attackers in my nstraces: 45.200.42.0/24 24 220.167.109.0/24 Most of the victims of these attacks are in the gaming industry. ” wrote Hofmann.

Communications 362

Communications Systems administration Authentication Security 362

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” Other vulnerabilities exist and are likely to be exploited, so the latest fully patched version should be used. ” concludes NSA.

Systems administration 353

Systems administration Military Access Security 353

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Systems administration 246

Systems administration Military Phishing Government 246

Security Affairs

FEBRUARY 2, 2021

System administrators are recommended to update their VMWare ESXi installs or disable SLP support to secure them. ZDNet reported that at the time of this writing only RansomExx ransomware operators are exploiting the above issues, but it is aware that the operators of the Babuk Locker ransomware will implement a similar attack chain.

Encryption 279

Encryption Ransomware Systems administration Cybersecurity 279

Security Affairs

AUGUST 4, 2021

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. The guidance details the security challenges associated with setting up and securing a Kubernetes cluster.

Security 274

Security Systems administration Mining Risk 274

Security Affairs

FEBRUARY 14, 2021

. “Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert.

Passwords 362

Passwords Systems administration Risk Access 362

Security Affairs

MARCH 18, 2022

In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function. Below is an example command to identify a hooked ipcl_get_next_conn function: root@solaris:~# echo ‘ipcl_get_next_conn::dis -n 0 ; ::quit’ | mdb -k.

Systems administration 361

Systems administration Security IT Access 361

Security Affairs

JULY 2, 2020

It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines. Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway.

Risk 357

Risk Systems administration Authentication Access 357

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . The Malware Threat behind CurveBall.

Systems administration 327

Systems administration Risk Communications Security 327

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. Threat actors also exploited the exploit code for the CVE-2018-14847 vulnerability in MikroTik routers to recruit them in botnets such as Mirai and VPNFilter.

Mining 278

Mining Systems administration Security Access 278

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” ” reads the post published by Microsoft.

Ransomware 362

Ransomware Systems administration Encryption Passwords 362

Krebs on Security

OCTOBER 8, 2024

. “This creates a risk for employees using these older systems as part of their everyday work, especially if they are accessing sensitive data or performing financial transactions online,” he said. “Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.”

Systems administration 290

Systems administration Cybersecurity Phishing Security 290

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Ransomware 362

Ransomware Systems administration IT Access 362

Security Affairs

MAY 5, 2021

SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that is most often used by system administrators for remote command-line requests, system logins and also for remote command execution. This allows the attacker to SSH to the EIM host as root.”. Tenable posted a proof of concept of the attack.

Authentication 332

Authentication Passwords Systems administration Cloud 332

Security Affairs

OCTOBER 27, 2021

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. ” reads the report published by Kaspersky.

IT 318

IT Systems administration Military Cybersecurity 318