Access and Systems administration - Information Management Today

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. “An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain. Pierluigi Paganini.

Access

Access Systems administration Data breaches Security

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

Last week, the company finally released security updates to fix the CVE-2020-4006 zero-day flaw in Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. Affected versions are: VMware Workspace One Access 20.10 (Linux) VMware Workspace One Access 20.01 (Linux) VMware Identity Manager 3.3.1

Systems administration

Systems administration Access Cybersecurity Authentication

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. Threat actors were also observed uploading and use custom webshells to enable network access [T1505.003].

Ransomware

Ransomware Systems administration Cybersecurity Encryption

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

The vulnerability could potentially allow an authenticated attacker to gain access to corporate network, access to sensitive data, and control private clouds within an entire infrastructure. The flaw can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access. x before 10.0.0.2,

Cloud

Cloud Systems administration Passwords Authentication

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The types of fixed vulnerabilities include remote access and code execution, elevation of privilege, denial of service, and cross-site request forgeries. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Systems administration

Systems administration Passwords Communications Access

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The attacks are part of a large-scale campaign that also resulted in unauthorized access to a Soliton file shared storage used by the Japanese Prime Minister’s Cabinet Office staff. The vendor recommended changing system administrator account, reset access control, and installing the latest available version. and V5.0.3.

Systems administration

Systems administration Government Access Security

Possible Chinese Hackers Exploit Microsoft Exchange 0-Days

Data Breach Today

OCTOBER 1, 2022

No Patch Yet Available Although Exploitation Requires Authenticated Access Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials. The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds.

Systems administration

Systems administration Authentication Access IT

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The investigation into the incident revealed that operators at the plant were using out-of-date Windows 7 systems and poor account passwords, and the desktop sharing software TeamViewer was used by the attackers to breach the network of the plant. Identify and suspend access of users exhibiting unusual activity. Windows 10).

Passwords

Passwords Systems administration Risk Access

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

“These attacks leverage a number of already infected devices to try and guess common administrative credentials, and if successful, will access the system to install its malicious payload, which may include ransomware.” .” reads the security advisory published by the vendor.

Ransomware

Ransomware Systems administration Authentication Security

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The security researcher Eaton Zveare has exploited a vulnerability in Toyota’s Global Supplier Preparation Information Management System (GSPIMS) to achieve system admin access to Toyota’s global supplier management network. made it easy to find accounts that had elevated access to the system.

Systems administration

Systems administration Passwords Access Authentication

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The module has full access to all the firmware, hardware, software, and operating system installed on the server. . The persistence achieved by tampering this module allows the malware to survive to the re-installation of the operating system. The level of sophistication of these attacks suggests the involvement of an APT group.

Systems administration

Systems administration Access Cybersecurity Security

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. Original post at [link].

Authentication

Authentication Access Systems administration Ransomware

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

JANUARY 14, 2019

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network. Years ago, privileged access typically referred primarily to privileged users.

Access

Access Risk Systems administration Marketing

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” ” “NSA adds its encouragement to immediately patch to mitigate against this still current threat.”

Systems administration

Systems administration Military Access Security

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

Each private key serves a narrow function: it gives the same type of authenticity and level of access to each user. All the attacker needs to do, he says, is to take over the account of a legitimate user to attain deep access to a lot of sensitive information stored in the cloud. Attribute-based access. This creates exposure.

Encryption

Encryption Access Artificial Intelligence IoT

US CISA and NSA publish guidance to secure Kubernetes deployments

Security Affairs

AUGUST 4, 2021

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.

Security

Security Systems administration Mining Risk

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7, operating under the guise of Bastion Secure, published job offers for programmers (PHP, C++, Python), system administrators, and reverse engineers. The gang was looking for administrators to map out compromised companies’ networks and locate sensitive data, including backup. ” continues the expert.

Ransomware

Ransomware Cybersecurity Systems administration Access

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

JULY 2, 2020

It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines. Apache Guacamole allows users within an organization to remotely access their desktops simply using a web browser post an authentication process.

Risk

Risk Systems administration Authentication Access

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. What is Privileged Access Management (PAM)? Enter Privileged Access Management (PAM). Privileged Access Management vs IAM.

Access

Access Analytics Passwords Cloud

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. Keep operating system patches up-to-date. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.

Healthcare

Healthcare Passwords Government Systems administration

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware to access multinational companies’ networks. ” reads the joint advisory.

Cybersecurity

Cybersecurity Systems administration Access Government

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” Andrey Medov at Positive Technologies explains. The second one allows arbitrary code execution.

Systems administration

Systems administration Security Access IT

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, attempt to escalate privileges and move laterally, and deliver malware and exfiltrate data. ” reads the post published by Microsoft.

Ransomware

Ransomware Systems administration Encryption Passwords

Thousands of RDM refrigeration systems exposed online are at risk

Security Affairs

FEBRUARY 10, 2019

Systems exposed online could be accessed via HTTP on ports 9000, 8080, 8100, or 80. An attacker can easily access the vulnerable instances because they use a known default username and password combination. In many cases, the web interface can be accessed without authentication.

Risk

Risk Passwords Systems administration Access

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.” ” reads the security advisory published. What’s Behind HPE’s Critical Bug? Tenable posted a proof of concept of the attack.

Authentication

Authentication Passwords Systems administration Cloud

Google will shut down consumer version of Google+ earlier due to a bug

Security Affairs

DECEMBER 11, 2018

Google will shut down the Application programming interface programs (APIs) used by developers to access Google+ data within 90 days, due to the discovery of a bug. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

Systems administration

Systems administration Access Security IT

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function.

Systems administration

Systems administration Security IT Access

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools. The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. “An attacker able to gain admin access to an internal SharePoint server could do a lot of harm to an organization,” said Kevin Breen , director of cyber threat research at Immersive Labs.

Systems administration

Systems administration Authentication Access Phishing

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. “I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote.

Mining

Mining Systems administration Security Access

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. ” continues the post. ” continues the analysis.

Authentication

Authentication Passwords Encryption Systems administration

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Systems administration

Systems administration Military Phishing Government

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

According to the CISA alert, the attackers used the above technique to deliver the BLINDINGCAN remote access trojan (RAT) (aka DRATzarus) and access the victim’s system for reconnaissance purpose. In April, the U.S.

Military

Military Systems administration Government Access

Patch Tuesday, October 2024 Edition

Krebs on Security

OCTOBER 8, 2024

“Once a user is deceived into interacting with this content (typically through phishing attacks), the attacker can potentially gain unauthorized access to sensitive information or manipulate web-based services,” he said.

Systems administration

Systems administration Cybersecurity Phishing Security

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Department of Justice , RSOCKS offered clients access to IP addresses assigned to devices that had been hacked: “A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., “I opened an American visa for myself, it was not difficult to get.

Sales

Sales Access Systems administration Marketing

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. A quick examination of the publicly accessible profile of the Moscow-based server swiftly uncovered a peculiarity.

Ransomware

Ransomware Systems administration IT Access

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. It has no access to customer endpoints and has been shut down – and will no longer be enabled or used by Kaseya.”

IT

IT Ransomware Systems administration Authentication

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

If the NAS is exposed to the Internet the dashboard will display the message “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router.

Security

Security Ransomware Encryption Systems administration

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. ” reads the report published by Kaspersky.

IT

IT Systems administration Military Cybersecurity

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

The vulnerability could be exploited by attackers to gain access to the TMUI component to execute arbitrary system commands, disable services, execute arbitrary Java code, and create or delete files, and potentially take over the BIG-IP device. System administrators need to upgrade to fixed versions ASAP.

Honeypots

Honeypots Systems administration Passwords Cybersecurity

Wireshark fixed three flaws that can crash it via malicious packet trace files

Security Affairs

SEPTEMBER 2, 2018

. “To inject malformed packets that the Wireshark application may attempt to parse, the attacker may need access to the trusted, internal network where the targeted system resides. This access requirement may reduce the likelihood of a successful exploit.”.

IT

IT Systems administration Access Security

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” “Threat actors have been keen to exploit the popularity of these tools, promising unrestrictive access. ” concludes the report.

Systems administration

Systems administration Access Security Cybersecurity

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. For instance, restrict access to the daemon and encrypt the communication protocols it uses to connect to the network. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges.” ” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. .” when running on a Microsoft Windows end-user system. and later prior to 33.0.5,

Systems administration

Systems administration Authentication Security IT

Yandex security team caught admin selling access to users’ inboxes

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Webinars

Trending Sources

FBI and CISA published a new advisory on AvosLocker ransomware

Webinars

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Cisco fixes a static default credential issue in Smart Software Manager tool

Hackers are targeting Soliton FileZen file-sharing servers

Possible Chinese Hackers Exploit Microsoft Exchange 0-Days

FBI’s alert warns about using Windows 7 and TeamViewer

StealthWorker botnet targets Synology NAS devices to drop ransomware

Researcher compromised the Toyota Supplier Management Network

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Hacker breaches key Russian ministry in blink of an eye

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

US CISA and NSA publish guidance to secure Kubernetes deployments

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Critical Apache Guacamole flaws expose organizations at risk of hack

Best Privileged Access Management (PAM) Software for 2022

US govt agencies share details of the China-linked espionage malware Taidoor

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Thousands of RDM refrigeration systems exposed online are at risk

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Google will shut down consumer version of Google+ earlier due to a bug

Caketap, a new Unix rootkit used to siphon ATM banking data

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Microsoft Patch Tuesday, June 2023 Edition

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

USBAnywhere BMC flaws expose Supermicro servers to hack

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Patch Tuesday, October 2024 Edition

Meet the Administrators of the RSOCKS Proxy Botnet

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

How to secure QNAP NAS devices? The vendor’s instructions

North Korea-linked Lazarus APT targets the IT supply chain

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Wireshark fixed three flaws that can crash it via malicious packet trace files

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Stay Connected