Accountability and System Administration

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

These hacking waves contribute to the harvesting of account credentials and unauthorized access to loosely-configured servers; and these ill-gotten assets can, in turn, be utilized to execute different stages of higher-level hacks, such as account takeovers and ransomware campaigns. These are simple steps to take,” he told me.

Accountability

Accountability Passwords Hacking Cyber Risk

Yandex sysadmin caught selling access to email accounts

Malwarebytes

FEBRUARY 17, 2021

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The post Yandex sysadmin caught selling access to email accounts appeared first on Malwarebytes Labs.

Accountability

Accountability Social Engineering System Administration Engineering

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. Cybercriminals may also perform some destructive actions aimed at data or systems.

Accountability

Accountability Passwords Authentication Social Engineering

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. Denial-of-Suez attack.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver's Seat

Dark Reading

FEBRUARY 8, 2023

The automaker closed a hole that allowed a security researcher to gain system administrator access to more than 14,000 corporate and partner accounts and troves of sensitive data.

System Administration

System Administration Accountability

Yandex Employee Caught Selling Access to Users' Email Inboxes

The Hacker News

FEBRUARY 12, 2021

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The employee was one of three system administrators with the necessary access

System Administration

System Administration Data breaches Engineering Accountability

Yandex Email Admin Sold His Inbox Access and Compromised Almost 5,000 Accounts

Hot for Security

FEBRUARY 16, 2021

It turns out that one of the three people working support for the email service, with access to people’s email accounts, used that power for profit. The employee was one of three system administrators with the necessary access rights to provide technical support for the service.”

Accountability

Accountability Data breaches System Administration Internet

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. We have observed several different advertiser accounts which were all reported to Google. The lures are utilities commonly used by IT admins such as PuTTY and FileZilla.

System Administration

System Administration DNS Engineering Social Engineering

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. This joint CSA updates the advisory published by the US Government on March 17, 2022.

Ransomware

Ransomware System Administration Antivirus Malware

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. made it easy to find accounts that had elevated access to the system. That gave me access to the User Administration section.

System Administration

System Administration Accountability Passwords Hacking

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Not a few people's Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. It didn't matter whether individual accounts had a complicated and hard-to-remember password, or two-factor authentication.

Hacking

Hacking Banking Accountability Government

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. was also used to register an account at the online game stalker[.]so ru account is connected to the Telegram account “ Perchatka ,” (“glove” in Russian). ru account and posted as him.

Ransomware

Ransomware Accountability Cybercrime Backups

Beautiful Basics: Lesson 3

Security Boulevard

MAY 28, 2022

If you don’t have fake accounts, computers, and configurations that look vulnerable mixed in with your population of systems you are missing out. System administrators usually know their systems very well. No one should EVER use this account. Finally lets get to the meat of this lesson.

System Administration

System Administration Accountability Passwords VPN

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

APRIL 6, 2021

Côté outlined how and why many SMBs are in a position to materially improve their security posture – by going back to a few security basics, in particular by paying closer attention to privileged account management , or PAM. Some context: privileged accounts first arose 20 years ago as our modern business networks took shape.

Accountability

Accountability Passwords Digital transformation Authentication

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Hot for Security

FEBRUARY 10, 2021

. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”. The notice further warns about the use of Windows 7, which Microsoft stopped supporting in January of last year.

Hacking

Hacking Social Engineering System Administration Passwords

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. Prosecutors say Vasinskyi also used the monikers “ Yarik45 ,” and “ Yaroslav2468.”

Ransomware

Ransomware Cybercrime System Administration Passwords

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

DDOS

DDOS System Administration Internet Internet

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” Michael Sanders , executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report.

Software

Software Ransomware System Administration Authentication

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

System Administration

System Administration Firmware Government Hacking

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. To prevent the threat from spreading within the network, the City shut down the impacted IT systems. ” reads the report.

Ransomware

Ransomware Surveillance Healthcare Accountability

Critical Microsoft Windows Vulnerability found

CyberSecurity Insiders

JULY 7, 2021

Or else they are on the verge of getting hacked by cyber crooks that could then install programs, view or delete data or even create new user accounts of a PC without the knowledge of the user or the system administration if/when on network. .

System Administration

System Administration Cyber Attacks Engineering Accountability

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

” Since 2016 Microsoft continues to track nation-state activity against the email accounts of its customers, the IT giant warned of state-sponsored hacking campaigns originating from China, Russia, and Iran for years. Every time Microsoft experts have detected attacks from state-sponsored hackers, they have alerted users via email.

System Administration

System Administration Hacking Cyber threats Accountability

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software

Software System Administration Advertising Accountability

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

Threatpost

APRIL 26, 2018

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

System Administration

System Administration Malware Accountability

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

It was designed to make it convenient for system administrators to automate tasks and manage configurations across all Windows endpoints and servers in a company network. A common technique to achieve persistence is to leverage stolen account logons, especially ones that give access to privileged accounts.

Hacking

Hacking Energy and Utilities System Administration Accountability

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

JANUARY 14, 2019

This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Attackers that are able to gain access to privileged accounts can elevate privileges and move laterally throughout the network to accomplish their end goal.

Accountability

Accountability Risk Technology System Administration

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

While RDP is a powerful tool for remote administration and support, it has also become a favored vector for brute force attacks for several reasons: Widespread use: RDP is commonly used in businesses to enable remote work and system administration.

Cybersecurity

Cybersecurity Passwords VPN Authentication

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets.

System Administration

System Administration Malware Accountability Marketing

Malvertiser copies PC news site to deliver infostealer

Malwarebytes

NOVEMBER 8, 2023

This type of website is often visited by geeks and system administrators to read the latest computer reviews, learn some tips and download software utilities. info/account/hdr.jpg ivcgroup[.]in/temp/Citrix-x64.msix Indicators of Compromise Ad domains argenferia[.]com com realvnc[.]pro pro corporatecomf[.]online com winscp-apps[.]online

Software

Software System Administration Antivirus Malware

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account.

System Administration

System Administration Accountability Advertising Authentication

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN

VPN Accountability Authentication Passwords

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”

Passwords

Passwords Social Engineering Software System Administration

US CISA and NSA publish guidance to secure Kubernetes deployments

Security Affairs

AUGUST 4, 2021

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.

System Administration

System Administration Architecture Firewall Risk

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

According to Tenable, the remote authentication-bypass vulnerability is tied to an issue related to how HPE handles password resets for administrator accounts. However, after the password change, an unauthenticated remote attacker can use the same URL to reset the password for the Administrator account,” Tenable wrote.

Authentication

Authentication Passwords Accountability System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Read our guide on privilege escalation attacks next to learn about the detection and prevention strategies for your privileged accounts and data.

Risk

Risk Authentication System Administration Ransomware

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. com sometime around Dec.

Phishing

Phishing Passwords Accountability Authentication

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

Cybercrime

Cybercrime System Administration Marketing Malware

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA. Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best.

Authentication

Authentication VPN System Administration Engineering

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. What is Privileged Access Management (PAM)? WALLIX Bastion. PAM best practices.

Software

Software Accountability Government Passwords

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

. “DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”

DNS

DNS Backups System Administration Software

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Yandex sysadmin caught selling access to email accounts

Trending Sources

Privileged account management challenges: comparing PIM, PUM and PAM

Yandex security team caught admin selling access to users’ inboxes

Top Cybersecurity Accounts to Follow on Twitter

Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver's Seat

Yandex Employee Caught Selling Access to Users' Email Inboxes

Yandex Email Admin Sold His Inbox Access and Compromised Almost 5,000 Accounts

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

FBI and CISA published a new advisory on AvosLocker ransomware

Researcher compromised the Toyota Supplier Management Network

On the Twitter Hack

A Closer Look at the Snatch Data Ransom Group

Beautiful Basics: Lesson 3

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

REvil Ransom Arrest, $6M Seizure, and $10M Reward

DDoS Mitigation Firm Founder Admits to DDoS

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Hackers are targeting Soliton FileZen file-sharing servers

StealthWorker botnet targets Synology NAS devices to drop ransomware

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Critical Microsoft Windows Vulnerability found

Microsoft to notify Office 365 users of nation-state attacks

Cisco fixes a static default credential issue in Smart Software Manager tool

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Administrators of bulletproof hosting sentenced to prison in the US

Malvertiser copies PC news site to deliver infostealer

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

FBI’s alert warns about using Windows 7 and TeamViewer

US CISA and NSA publish guidance to secure Kubernetes deployments

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

China-linked threat actors have breached telcos and network service providers

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Tricky Phish Angles for Persistence, Not Passwords

Career Choice Tip: Cybercrime is Mostly Boring

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Best Privileged Access Management (PAM) Software for 2022

‘Wormable’ Flaw Leads July Microsoft Patches

Stay Connected