Cybersecurity and Systems administration - Information Management Today

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The gang space creates fake cybersecurity companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities. Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Systems administration Access

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

FBI and CISA published a joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with AvosLocker ransomware. The joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort aimed at sharing technical details associated with various ransomware operations.

Ransomware

Ransomware Systems administration Cybersecurity Encryption

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) also published a security advisory on the CVE-2020-4006 zero-day flaw. ” According to the NSA, the threat actors installed a web shell on the VMWare Workspace ONE system and then forged SAML credentials for themselves. .” ” concludes the advisory.

Systems administration

Systems administration Access Cybersecurity Authentication

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware to access multinational companies’ networks. Federal Bureau of Investigation (FBI), the U.S.

Cybersecurity

Cybersecurity Systems administration Access Government

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The module has full access to all the firmware, hardware, software, and operating system installed on the server. . The attacks were spotted by Iranian cybersecurity firm Amnpardaz, this is the first time ever that malware targets iLO firmware. The level of sophistication of these attacks suggests the involvement of an APT group.

Systems administration

Systems administration Access Cybersecurity Security

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account. SecurityAffairs – VMware Cloud Director, cybersecurity). Pierluigi Paganini.

Cloud

Cloud Systems administration Passwords Authentication

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

The news of the attack was also confirmed by the popular cybersecurity researchers Kevin Beaumont that reported that threat actors are using the two issues to bypass all Windows OS security, by shutting down VMs and encrypting the VMDK’s directly on hypervisor. Threat actors left the ransom note at the datastore level.

Encryption

Encryption Ransomware Systems administration Cybersecurity

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City experts believe that the group specifically targeted a prioritized list of servers using legitimate Microsoft system administrative tools. The City immediately initiated mitigation efforts after the discovery of the attack and it started restoring its services with the help of external cybersecurity experts.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

In mere seconds, a hacker remotely accessed a computer belonging to a regional Russian Ministry of Health, taking advantage of sloppy cybersecurity practices to expose its entire network. Spielerkid89, who wished to remain anonymous, did not intend to harm the organization and left its systems intact. Original post at [link].

Authentication

Authentication Access Systems administration Ransomware

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. Experts pointed out that the attacks begun before the vendor has fixed the issues, this means that we cannot exclude that threat actors have compromised organizations using the popular file-sharing servers.

Systems administration

Systems administration Government Access Security

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

” Also read: Cybersecurity Employment in 2022: Solving the Skills Gap. Also read: How to Get Started in a Cybersecurity Career. The Top Cybersecurity Certifications. With that advice in mind, here are 15 cybersecurity certifications particularly worth considering. IBM Cybersecurity Analyst Professional Certificate.

Cybersecurity

Cybersecurity Systems administration Information Security Compliance

Patch Tuesday, October 2024 Edition

Krebs on Security

OCTOBER 8, 2024

Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “ Sequoia ” update that broke many cybersecurity tools. “Since the discovery of CVE-2024-43572, Microsoft now prevents untrusted MSC files from being opened on a system.”

Systems administration

Systems administration Cybersecurity Phishing Security

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

Cybersecurity and Infrastructure Security Agency (CISA) in August 2020. The CISA MAR provided indicators of compromise (IoCs), Yara rules, and other technical info that could be used by system administrators to discover compromise systems within their networks. ” reads the report published by Kaspersky.

IT

IT Systems administration Military Cybersecurity

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. In the next five years, GenAI/LLM deployments are expected to add $2.6 Roger that.

Cybersecurity

Cybersecurity Systems administration Security Data Privacy

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Systems administration

Systems administration Military Phishing Government

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

based cybersecurity firm Hold Security , KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang. Image: Florenceal.org. On May 26, acting on a tip from Milwaukee, Wisc.-based ” A DoppelPaymer ransom note.

Ransomware

Ransomware Systems administration Cybersecurity Personal data

Five Eyes Intelligence agencies warn of popular hacking tools

Security Affairs

OCTOBER 12, 2018

Experts from cybersecurity agencies from Five Eyes intelligence alliance have issued a report that provides technical details on most popular hacking tool families and the way to detect and neutralizes attacks involving them. 1] [2] [3] [4] [5] ” reads the report published by the experts. Credential Stealer: Mimikatz.

Systems administration

Systems administration Communications Cybersecurity Security

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Ransomware

Ransomware Systems administration IT Access

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

The CIA report highlighted the lax cybersecurity measures by the CIA’s Center for Cyber Intelligence, a super-sophisticated hackers unit. ” continues the report “While CIA was an early leader in securing our enterprise information technology (IT) system, we failed to correct acute vulnerabilities to our mission IT systems.”.

IT

IT Data breaches Systems administration Security

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

link] — USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) July 3, 2020. Researchers Rich Warren from NCC Group told ZDNet that hackers are attempting to exploit the flaw to steal administrator passwords from the hacked devices. System administrators need to upgrade to fixed versions ASAP. Remediate immediately.

Honeypots

Honeypots Systems administration Passwords Cybersecurity

Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring

The Last Watchdog

AUGUST 5, 2024

LAS VEGAS — Humans, unsurprisingly, remain the weak link in cybersecurity. “We looked at the important security advancements and asked how we could build upon them,” Gunn explains, adding that initial interest is coming from companies that will try them out on system administrators and senior execs.

Systems administration

Systems administration Passwords Encryption Communications

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before. Hladyr is suspected to be a system administrator for the group. In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain.

Archiving

Archiving Systems administration Cybersecurity IT

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that is most often used by system administrators for remote command-line requests, system logins and also for remote command execution. This allows the attacker to SSH to the EIM host as root.”. Tenable posted a proof of concept of the attack.

Authentication

Authentication Passwords Systems administration Cloud

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators.

Authentication

Authentication Passwords Systems administration Access

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” In this case, the visitors were downloading Midjourney-x64.msix, msix, which is a Windows Application Package also signed by ASHANA GLOBAL LTD. ” concludes the report.

Systems administration

Systems administration Access Security Cybersecurity

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) that includes technical details about a new strain of malware, tracked as BLINDINGCAN, that was attributed to North Korea. In April, the U.S.

Military

Military Systems administration Government Access

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Group-IB, a Singapore-based cybersecurity company , has identified a series of sophisticated successful phishing attacks against the management and executives of more than 150 companies around the world. Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Phishing

Phishing Cloud Financial Services Authentication

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

“Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users. Hackers could read, send or delete emails from any user. “ reports Radio-Canada. explained Faou.

Systems administration

Systems administration Access Communications Cybersecurity

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

I had the chance to discuss these findings last week at Black Hat USA 2022, with John Shier, senior security advisor at Sophos, a next-generation cybersecurity leader with a broad portfolio of managed services, software and hardware offerings. Configure system administrative tools more wisely.

Ransomware

Ransomware Systems administration Encryption Access

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Memory hacking is being carried out across paths that have been left comparatively wide open to threat actors who are happy to take full advantage of the rather fragile framework of processes that execute deep inside the kernel of computer operating systems.

Energy and Utilities

Energy and Utilities Systems administration Access Cybersecurity

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

Organizations with effective spam filtering, proper system administration and up-to-date Windows hosts have a much lower risk of infection.” It’s also surprising that the malware author would risk criminal prosecution for what must surely be a small amount of profit, given the apparently small customer base.

Sales

Sales Systems administration Mining Risk

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

If the NAS is exposed to the Internet the dashboard will display the message “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router.

Security

Security Ransomware Encryption Systems administration

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.

Sales

Sales Access Systems administration Marketing

Experts spotted Syslogk, a Linux rootkit under development

Security Affairs

JUNE 14, 2022

This is why it is essential for system administrators and security companies to be aware of this kind of malware and write protections for their users as soon as possible.” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Systems administration

Systems administration Security IT Authentication

News alert: Security Risk Advisors launchs VECTR Enterprise Edition for ‘purple team’ benchmarking

The Last Watchdog

AUGUST 2, 2024

This allows user teams to focus on testing, reporting, and remediation without additional burden on system administrators. About Security Risk Advisors: Security Risk Advisors offers Purple Teams, Cloud Security, Penetration Testing, Cyber-Physical Systems Security and 24x7x365 Cybersecurity Operations.

Risk

Risk Security Systems administration Communications

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

Cybersecurity researchers from FireEye revealed that the Carbanak source code has been available on VirusTotal for two years, and none noticed it before. Hladyr is suspected to be a system administrator for the group. In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain.

Archiving

Archiving Systems administration Cybersecurity IT

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

“The lengthy delay for the cleanup routine to activate may be explained by the need to give system administrators time for forensics analysis and checking for other infections.” concludes MalwareBytes. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cleanup

Cleanup Systems administration Ransomware Security

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. I’ve recently had several deep-dive discussions with cybersecurity experts at Juniper Networks, about this. The intensely competitive cybersecurity talent market is partly to blame here.

Security

Security Cloud Digital transformation Cybersecurity

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Just ask Capital One , Marriott or Equifax.

Security

Security Big data Cybersecurity Analytics

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

NOVEMBER 28, 2018

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations. Merit 1981. So we did some research.

Cybersecurity

Cybersecurity Systems administration Military Manufacturing

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

MAY 10, 2019

Related: Marriott suffers massive breach We now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor.

Digital transformation

Digital transformation Systems administration Phishing Ransomware

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

NOVEMBER 12, 2018

Related: The ‘gamification’ of cybersecurity training. Ransomware, business email compromises and direct ACH system hacks continue to morph and intensify. Stanger: We typically go in and talk to companies about guiding them down a whole cybersecurity pathway. The exposure faced by SMBs is profound.

Security

Security IT Cybersecurity Privacy

Red Team vs Blue Team vs Purple Team: Differences Explained

eSecurity Planet

FEBRUARY 21, 2023

Red, blue and purple teams simulate cyberattacks and incident responses to test an organization’s cybersecurity readiness. Blue teams consist of security analysts, network engineers and system administrators. The red team literally tests the effectiveness of the organization’s defensive measures — often without warning.

Cybersecurity

Cybersecurity Risk Phishing Security

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

Urgent patching and prompt updates can protect systems from unauthorized access, data breaches, and potential exploitation by threat actors. To secure sensitive data, cybersecurity specialists, software vendors, and end users should encourage collaborative efforts against malicious activities.

Risk

Risk Authentication Systems administration Ransomware

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

FBI and CISA published a new advisory on AvosLocker ransomware

Webinars

Trending Sources

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Webinars

China-linked APT BlackTech was spotted hiding in Cisco router firmware

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Hacker breaches key Russian ministry in blink of an eye

Hackers are targeting Soliton FileZen file-sharing servers

15 Top Cybersecurity Certifications for 2022

Patch Tuesday, October 2024 Edition

North Korea-linked Lazarus APT targets the IT supply chain

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Five Eyes Intelligence agencies warn of popular hacking tools

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

CIA elite hacking unit was not able to protect its tools and cyber weapons

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring

FireEye experts found source code for CARBANAK malware on VirusTotal?

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

China-linked threat actors have breached telcos and network service providers

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

WeSteal, a shameless commodity cryptocurrency stealer available for sale

How to secure QNAP NAS devices? The vendor’s instructions

Meet the Administrators of the RSOCKS Proxy Botnet

Experts spotted Syslogk, a Linux rootkit under development

News alert: Security Risk Advisors launchs VECTR Enterprise Edition for ‘purple team’ benchmarking

FireEye experts found source code for CARBANAK malware on VirusTotal?

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

Red Team vs Blue Team vs Purple Team: Differences Explained

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Stay Connected