Information Security and Systems administration

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

Access

Access Systems administration Data breaches Security

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

“This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.”

Systems administration

Systems administration Access Cybersecurity Authentication

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. This joint CSA updates the advisory published by the US Government on March 17, 2022.

Ransomware

Ransomware Systems administration Cybersecurity Encryption

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” concludes DoJ.

Systems administration

Systems administration Encryption Communications Security

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware Systems administration Authentication Security

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

MAY 25, 2020

The issue could be exploited by supplying a malformed Java object to a specific listener on an vulnerable system. Administrators should update their Unified CCE installs as soon as possible. .” An unauthenticated, remote attacker could exploit the issue to execute arbitrary code as the root user on a vulnerable device.

Systems administration

Systems administration Security IT Information Security

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

Systems administration

Systems administration Government Access Security

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise. Ideally, VNC should be used only with authenticated users, such as system administrators.

Authentication

Authentication Access Systems administration Ransomware

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account. Read other sensitive data related to customers, like full names, email addresses or IP addresses.

Cloud

Cloud Systems administration Passwords Authentication

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Systems administration

Systems administration Passwords Communications Access

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over. Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing.

Systems administration

Systems administration Phishing Security IT

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

One of the most outstanding capabilities of iLOBleed is the manipulation of the iLO firmware upgrade routine, when the system administrator tries to upgrade the iLO firmware, the malware simulates the version change while preventing the upgrade routine. . ” continues the report.

Systems administration

Systems administration Access Cybersecurity Security

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. made it easy to find accounts that had elevated access to the system. I eventually uncovered a system administrator email and was able to log in to their account.

Systems administration

Systems administration Passwords Access Authentication

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Systems administration

Systems administration Security Access IT

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets.

Systems administration

Systems administration Marketing Risk IT

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Additional technical details on the Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by Zero Day Initiative.

Systems administration

Systems administration Security IT Information Security

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

Security Affairs

DECEMBER 24, 2020

The attacks began last week, the systems administrator Marco Hofmann first detailed them. I found these source IP addresses of the attackers in my nstraces: 45.200.42.0/24 24 220.167.109.0/24 Most of the victims of these attacks are in the gaming industry. ” wrote Hofmann.

Communications

Communications Systems administration Authentication Security

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” Other vulnerabilities exist and are likely to be exploited, so the latest fully patched version should be used. ” concludes NSA.

Systems administration

Systems administration Military Access Security

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

System administrators are recommended to update their VMWare ESXi installs or disable SLP support to secure them. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Encryption

Encryption Ransomware Systems administration Cybersecurity

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

. “Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert.

Passwords

Passwords Systems administration Risk Access

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function. Below is an example command to identify a hooked ipcl_get_next_conn function: root@solaris:~# echo ‘ipcl_get_next_conn::dis -n 0 ; ::quit’ | mdb -k.

Systems administration

Systems administration Security IT Access

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Systems administration

Systems administration Military Phishing Government

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

JULY 2, 2020

Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.

Risk

Risk Systems administration Authentication Access

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

In May, the FBI and CISA also warned cyber attacks coordinated by Beijing and attempting to steal COVID-19 information from US health care, pharmaceutical, and research industry sectors. Keep operating system patches up-to-date. Disable File and Printer sharing services.

Healthcare

Healthcare Passwords Government Systems administration

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Ransomware

Ransomware Systems administration IT Access

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . The Malware Threat behind CurveBall.

Systems administration

Systems administration Risk Communications Security

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that is most often used by system administrators for remote command-line requests, system logins and also for remote command execution. This allows the attacker to SSH to the EIM host as root.”.

Authentication

Authentication Passwords Systems administration Cloud

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. ” reads the report published by Kaspersky.

IT

IT Systems administration Military Cybersecurity

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

System administrators need to upgrade to fixed versions ASAP. To have an idea of the potential impact of the issue, let’s consider thousand of vulnerable devices are exposed online. Researchers from Bad Packers have located 1,832 vulnerable F5 hosts online. A proof-of-concept exploit is now publicly available.

Honeypots

Honeypots Systems administration Passwords Cybersecurity

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. . System administrators need to employ security best practices with the systems they manage.” “Criminals will continue to monetize unsecured resources in any way they can.

IoT

IoT Honeypots Libraries Archiving

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

The website is a clone of the website of Convergent Network Solutions Ltd , Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang.

Ransomware

Ransomware Cybersecurity Systems administration Access

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

The advisory also includes recommendations for system administrators to prevent the installation of backdoor firmware images and unusual device reboots.

Cybersecurity

Cybersecurity Systems administration Access Government

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

Organizations with effective spam filtering, proper system administration and up-to-date Windows hosts have a much lower risk of infection.” ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

Sales

Sales Systems administration Mining Risk

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more.

Passwords

Passwords Systems administration Authentication Security

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

.” continues the report “While CIA was an early leader in securing our enterprise information technology (IT) system, we failed to correct acute vulnerabilities to our mission IT systems.”. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Data breaches Systems administration Security

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City experts believe that the group specifically targeted a prioritized list of servers using legitimate Microsoft system administrative tools. Early on the morning of Wednesday, May 03, 2023, the group started executing the ransomware on the City of Dallas.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer. “Thanks to you, we are now developing in the field of information security and anonymity!,” “I opened an American visa for myself, it was not difficult to get.

Sales

Sales Access Systems administration Marketing

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

Honeypots

Honeypots Systems administration Passwords IoT

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. In April, the U.S.

Military

Military Systems administration Government Access

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

.” Customers can check whether their NAS is exposed online by using the Security Counselor, a built-in security portal for QNAP NAS devices. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router.

Security

Security Ransomware Encryption Systems administration

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

Some intruders resembled “drunken burglars,” said one source, getting lost in the labyrinth of corporate systems and appearing to grab files at random.” ” According to the Reuters, the hackers had a total control over the HPE corporate network, they also left messages taunting system administrators.

Cloud

Cloud IT Systems administration Phishing

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” In this case, the visitors were downloading Midjourney-x64.msix, msix, which is a Windows Application Package also signed by ASHANA GLOBAL LTD. ” concludes the report.

Systems administration

Systems administration Access Security Cybersecurity

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

Additionally, the APT group also impersonates operators or administrators of popular web portals claiming that a victim’s account has been locked following suspicious activity or fraudulent use. The advisory includes potential mitigation measures for email recipients and recipients’ systems administrators.

IT

IT Phishing Systems administration Communications

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

Security Affairs

AUGUST 16, 2023

System administrators need to be aware that adversaries can exploit edge devices to place backdoors that persist even after updates and / or reboots.” As of August 14, most of the backdoored instances are in Germany, France and Switzerland. ” concludes the report.”As

Systems administration

Systems administration Cloud IT Access

Yandex security team caught admin selling access to users’ inboxes

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Webinars

Trending Sources

FBI and CISA published a new advisory on AvosLocker ransomware

Webinars

A member of the FIN7 group was sentenced to 10 years in prison

StealthWorker botnet targets Synology NAS devices to drop ransomware

Cisco fixed a critical issue in the Unified Contact Center Express

Hackers are targeting Soliton FileZen file-sharing servers

Hacker breaches key Russian ministry in blink of an eye

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Cisco fixes a static default credential issue in Smart Software Manager tool

Microsoft to notify Office 365 users of nation-state attacks

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Researcher compromised the Toyota Supplier Management Network

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Administrators of bulletproof hosting sentenced to prison in the US

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

FBI’s alert warns about using Windows 7 and TeamViewer

Caketap, a new Unix rootkit used to siphon ATM banking data

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Critical Apache Guacamole flaws expose organizations at risk of hack

US govt agencies share details of the China-linked espionage malware Taidoor

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Yomi Hunter Catches the CurveBall

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

North Korea-linked Lazarus APT targets the IT supply chain

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

China-linked APT BlackTech was spotted hiding in Cisco router firmware

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Backdoored Webmin versions were available for download for over a year

CIA elite hacking unit was not able to protect its tools and cyber weapons

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Meet the Administrators of the RSOCKS Proxy Botnet

Roboto, a new P2P botnet targets Linux Webmin servers

CISA’s MAR warns of North Korean BLINDINGCAN RAT

How to secure QNAP NAS devices? The vendor’s instructions

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Kimsuky APT poses as journalists and broadcast writers in its attacks

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

Stay Connected