Security Affairs

MAY 25, 2020

Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280 , in the call-center software Unified Contact Center Express. Cisco released a set of security patches , including one for a critical flaw in its call-center software Unified Contact Center Express, tracked as CVE-2020-3280.

Systems administration 333

Systems administration Security IT Information Security 333

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Systems administration 345

Systems administration Encryption Communications Security 345

Security Affairs

FEBRUARY 20, 2020

Cisco has released security updates to address 17 vulnerabilities affecting its networking and unified communications product lines. Cisco has released security patches to fix 17 vulnerabilities affecting its networking and unified communications product lines. ” reads the advisory published by Cisco. Pierluigi Paganini.

Systems administration 355

Systems administration Passwords Communications Access 355

Security Affairs

FEBRUARY 8, 2021

The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.” It automatically investigates and remediates attacks. Pierluigi Paganini.

Systems administration 354

Systems administration Phishing Security IT 354

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Hackers are targeting Soliton FileZen file-sharing servers appeared first on Security Affairs.

Systems administration 323

Systems administration Government Access Security 323

Security Affairs

JUNE 2, 2020

Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956 , that could be abused to takeover corporate servers. Experts from Citadelo discovered the issue while conducting a security audit of the cloud infrastructure.of

Cloud 329

Cloud Systems administration Passwords Authentication 329

Security Affairs

DECEMBER 24, 2020

The threat actors are using the Datagram Transport Layer Security (DTLS) protocol as an amplification vector in attacks against Citrix appliances with EDT enabled. The DTLS protocol is a communications protocol for securing delay-sensitive apps and services that use datagram transport. 24 220.167.109.0/24 ” wrote Hofmann. .

Communications 362

Communications Systems administration Authentication Security 362

Data Breach Today

AUGUST 16, 2023

Online Scans Show More Than 1,200 Patched NetScaler Devices Are Backdoored Hackers moved faster than system administrators to exploit a zero-day vulnerability in Citrix NetScaler appliances by dropping web shells that remain active even after a patch, warn Dutch security researchers.

Systems administration 242

Systems administration Security IT 242

Security Affairs

DECEMBER 30, 2021

The experts explained that malware targeting iLO could be very insidious because it runs with high privileges (above any level of access in the operating system), very low-level access to the hardware, and it cannot be detected by admins and security software that doesn’t inspect iLO. ” continues the report.

Systems administration 361

Systems administration Access Cybersecurity Security 361

Security Affairs

FEBRUARY 5, 2021

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. “The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value.

Systems administration 358

Systems administration Security Access IT 358

Security Affairs

MAY 28, 2020

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. . Using a previous version of Exim leaves a system vulnerable to exploitation. ” concludes NSA.

Systems administration 353

Systems administration Military Access Security 353

Security Affairs

FEBRUARY 14, 2021

. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.” “Cyber actors continue to find entry points into legacy Windows operating systems and leverageRemote Desktop Protocol (RDP) exploits.” Windows 10).

Passwords 362

Passwords Systems administration Risk Access 362

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. The post Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – malware, Patch Tuesday).

Systems administration 328

Systems administration Security IT Information Security 328

Security Affairs

JANUARY 21, 2020

The recent CurveBall vulnerability shook the Info-Sec community worldwide: a major vulnerability reported directly by the US National Security Agency. Even cryptographically signed files and emails are exposed to spoofing and tampering , violating the core parts of the threat models most of the company use to secure their businesses.

Systems administration 329

Systems administration Risk Communications Security 329

Security Affairs

FEBRUARY 2, 2021

Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks. Ransomware group using them to bypass all Windows OS security, by shutting down VMs and encrypting the VMDK’s directly on hypervisor. Pierluigi Paganini. Pierluigi Paganini.

Encryption 279

Encryption Ransomware Systems administration Cybersecurity 279

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets. SecurityAffairs – hacking, cyber security). Follow me on Twitter: @securityaffairs and Facebook.

Systems administration 313

Systems administration Marketing Risk IT 313

Security Affairs

MAY 5, 2021

“A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. ” reads the security advisory published. ” reads the security advisory published. What’s Behind HPE’s Critical Bug? Pierluigi Paganini.

Authentication 334

Authentication Passwords Systems administration Cloud 334

Security Affairs

AUGUST 4, 2020

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks. Keep operating system patches up-to-date. v1 , U.S. .

Healthcare 349

Healthcare Passwords Government Systems administration 349

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Image: Archive.org.

IT 323

IT Ransomware Systems administration Authentication 323

Security Affairs

MARCH 18, 2022

In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function. “This CAKETAP variant targeted specific messages destined for the Payment Hardware Security Module (HSM).” ” reads the analysis published by Mandiant.

Systems administration 362

Systems administration Security IT Access 362

Security Affairs

JULY 2, 2020

Security researchers discovered multiple critical reverse RDP vulnerabilities in the remote desktop application Apache Guacamole. Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway.

Risk 358

Risk Systems administration Authentication Access 358

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” ” reads the post published by Microsoft. ” continues Microsoft. Pierluigi Paganini.

Ransomware 362

Ransomware Systems administration Encryption Passwords 362

Security Affairs

FEBRUARY 8, 2023

The security researcher Eaton Zveare has exploited a vulnerability in Toyota’s Global Supplier Preparation Information Management System (GSPIMS) to achieve system admin access to Toyota’s global supplier management network. made it easy to find accounts that had elevated access to the system.

Systems administration 246

Systems administration Passwords Access Authentication 246

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Systems administration 246

Systems administration Military Phishing Government 246

Security Affairs

OCTOBER 22, 2021

One of the companies created by the cyber criminal organizations with this purpose is Combi Security, but researchers from Gemini Advisory discovered other similar organizations by analyzing the site of another fake cybersecurity company named Bastion Security. SecurityAffairs – hacking, cyber security). Pierluigi Paganini.

Ransomware 328

Ransomware Cybersecurity Systems administration Access 328

WIRED Threat Level

SEPTEMBER 22, 2019

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

Systems administration 217

Systems administration Security 217

Security Affairs

MARCH 16, 2022

VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise. Ideally, VNC should be used only with authenticated users, such as system administrators. That’s a serious security breach of assets right there.

Authentication 350

Authentication Access Systems administration Ransomware 350

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. The bad aspect of the story is that even if security patches have been available for months, ISPs and owners of the home routers still have installed them. Pierluigi Paganini. Pierluigi Paganini.

Mining 278

Mining Systems administration Security Access 278

Security Affairs

JUNE 17, 2020

“These shortcomings were emblematic of a culture that evolved over years that too often prioritized creativity and collaboration at the expense of security,” according to the report. The post CIA elite hacking unit was not able to protect its tools and cyber weapons appeared first on Security Affairs. .” states the report.

IT 360

IT Data breaches Systems administration Security 360

Data Breach Today

JANUARY 28, 2021

Sophos: 'Ghost' Accounts Present a Potential Security Danger The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos.

Ransomware 179

Ransomware Systems administration Security 179

Security Affairs

SEPTEMBER 27, 2023

According to a joint cybersecurity advisory from the United States National Security Agency (NSA), the U.S. The advisory also includes recommendations for system administrators to prevent the installation of backdoor firmware images and unusual device reboots. Federal Bureau of Investigation (FBI), the U.S.

Cybersecurity 343

Cybersecurity Systems administration Access Government 343

Krebs on Security

JANUARY 20, 2020

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks , which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

Systems administration 339

Systems administration IoT IT Security 339

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Experts pointed out that a Docker Engine is not properly secured could be exposed to remote attack through Docker Engine API. Security Affairs – Docker APIs, hacking).

Mining 275

Mining Systems administration Encryption Authentication 275

Security Affairs

OCTOBER 27, 2021

Cybersecurity and Infrastructure Security Agency (CISA) in August 2020. The CISA MAR provided indicators of compromise (IoCs), Yara rules, and other technical info that could be used by system administrators to discover compromise systems within their networks. ” reads the report published by Kaspersky.

IT 320

IT Systems administration Military Cybersecurity 320

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. This hostname connection is particularly heterogeneous, but it technically makes sense.

Ransomware 363

Ransomware Systems administration IT Access 363

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. To prevent the threat from spreading within the network, the City shut down the impacted IT systems. The City experts believe that the group specifically targeted a prioritized list of servers using legitimate Microsoft system administrative tools.

Ransomware 338

Ransomware Encryption Systems administration Cybersecurity 338

Security Affairs

OCTOBER 17, 2018

Oracle has just released a security update to prevent 2.3 The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. Since its launch, RPCBIND has been receiving updates that cover several failures, including security. This, however, is the most serious finding so far.

Systems administration 279

Systems administration Authentication Security IT 279