2021, IT, Passwords and Systems administration - Information Management Today

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online.

IT

IT Ransomware Systems administration Authentication

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. Those concerns are certainly justified. What is cloud security? Source: Microsoft.

Cloud

Cloud Security Encryption Risk

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). victim organizations.

Ransomware

Ransomware Passwords Systems administration IT

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203 , that could be exploited by attackers to compromise a customer’s cloud infrastructure. ” reads the security advisory published. Rated critical, with a CVSS score of 9.8,

Authentication

Authentication Passwords Systems administration Cloud

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Sales

Sales Systems administration Mining Risk

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. “Looking at network telemetry, we were able to confirm that we saw victims talking back to it on various ports.”

Analytics

Analytics Passwords Systems administration Retail

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability ( CVE-2021-34527 and CVE-2021-36958 ) to obtain administrator privileges. Require all accounts with password logins (e.g.,

Authentication

Authentication Passwords Access Systems administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Authentication

Authentication Passwords Systems administration Access

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

Figure.NET flags (left) and obfuscation pattern (right) The tool is designed for two main purposes: generating comb lists of local windows user names and potential passwords, and testing them locally. The tool is able to automatically retrieve local users from groups, filter for administration, and then test the password.

Ransomware

Ransomware Encryption Passwords Systems administration

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

It continues: “Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system. “The command requires Windows system administrators,” Truniger’s ads explained. “Experience in backup, increase privileges, mikicatz, network. “Soundcloud.”

Ransomware

Ransomware Data breaches Encryption Systems administration

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Attackers use Sentry’s System Manager Portal to configure Sentry and its operating system, potentially executing operating system commands on the appliance as root, according to Ivanti.

Authentication

Authentication Ransomware Passwords Cybersecurity

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Attackers use Sentry’s System Manager Portal to configure Sentry and its operating system, potentially executing operating system commands on the appliance as root, according to Ivanti.

Authentication

Authentication Ransomware Passwords Cybersecurity

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. And the Cybersecurity and Infrastructure Security Agency (CISA) added 15 more vulnerabilities to its list of actively exploited vulnerabilities.

Ransomware

Ransomware Encryption Agriculture Cybersecurity

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. Establishing Standards for Secure Systems.

IT

IT Ransomware B2B Access

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Normally account take overs are due to insecure passwords or recovery options, this is definitely something different. Also read: Top Endpoint Detection and Response (EDR) Solutions for 2021. — Eva (@evacide) October 4, 2021. pic.twitter.com/gvP2ne9kTR — Graham Cluley (@gcluley) March 25, 2021.

Cybersecurity

Cybersecurity e-Discovery Passwords Information Security

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. As remote desktop solutions are prevalent among IT and managed service providers (MSP), downstream clients can be at risk, as Kaseya experienced in 2021. Reconnaissance.

Security

Security Access Authentication Encryption

What Is an Insider Threat? Definition, Types, and Examples

IT Governance

APRIL 25, 2023

For example, this could happen if an insider damages the organisation’s server or deletes information from its Cloud systems. An engineer at the firm, Jean Patrice Delia, had persuaded an IT administrator to grant him access to sensitive information, which he siphoned off with the intention of starting a rival company.

Data breaches

Data breaches Phishing Personal data Access

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Encryption

Encryption Communications IoT Marketing

Information Management Today

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Top 12 Cloud Security Best Practices for 2021

Webinars

Trending Sources

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Webinars

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Who and What is Behind the Malware Proxy Service SocksEscort?

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

China-linked threat actors have breached telcos and network service providers

Dissecting the malicious arsenal of the Makop ransomware gang

A Closer Look at the Snatch Data Ransom Group

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Kaseya Breach Underscores Vulnerability of IT Management Tools

Top Cybersecurity Accounts to Follow on Twitter

Addressing Remote Desktop Attacks and Security

What Is an Insider Threat? Definition, Types, and Examples

Updates from the MaaS: new threats delivered through NullMixer

Stay Connected