The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. As its name suggests, CVE-2015-2862 was issued in July 2015. It’s from 2015!” “It’s a patch for their own software.
Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks.
Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control.
In July 2016, KrebsOnSecurity published a story identifying a Toronto man as the author of the Orcus RAT, a software product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. This week, Canadian authorities criminally charged him with orchestrating an international malware scheme.
Hostwinds owner Peter Holden was the subject of a 2015 KrebsOnSecurity story titled, “Like Cutting Off a Limb to Save the Body,” which described how he’d initially built a lucrative business catering mainly to spammers, only to later have a change of heart and aggressively work to keep spammers off of his network.
The issue could be exploited by supplying a malformed Java object to a specific listener on a vulnerable system. Administrators should update their Unified CCE installs as soon as possible.
“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.
The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7, aka Carbanak. companies, predominantly in the restaurant, gambling, and hospitality industries.” concludes DoJ.
In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). The underlying cause is another vulnerability (CVE-2015-1197) in cpio, for which a fix is available. It invokes cpio and CVE-2015-1197 is triggered.
Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account. Pierluigi Paganini.
Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them.
The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015. Stassi conducted several administrative tasks for the group, such as registering webhosting and financial accounts using stolen and/or false personal information.
Constella finds the same password tied to webmaster@stairwell.ru (225948) was used by the email address 3k@xakep.ru, which Intel 471 says was registered to more than a dozen NeroWolfe accounts across just as many Russian cybercrime forums between 2011 and 2015. 2011 said he was a system administrator and C++ coder.
Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” concludes NSA. Pierluigi Paganini.
Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue/WannaCry crisis in their mind. Pierluigi Paganini.
Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be a system administrator. “I added firewall rules that blocked access to the router from outside the local network,” Alexey wrote.
“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” Pierluigi Paganini.
Even if HPE has been hacked multiple times since 2010, most of the hacks occurred between 2015 and 2017. “APT10 often attacked a service provider’s system by “spear-phishing” – sending company employees emails designed to trick them into revealing their passwords or installing malware. Pierluigi Paganini.
The two leaked Nvidia certificates have expired, being valid from 2011 to 2014 and 2015 to 2018. Normally, users running a system protected by Secure Boot would be protected because Secure Boot does not allow certificates without a time-stamp. Unfortunately an exception was made for certificates that were created before July 29, 2015.
The activity of the Lazarus APT group surged in 2014 and 2015; its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.
System administrators need to upgrade to fixed versions ASAP. Researchers from Bad Packets have located 1,832 vulnerable F5 hosts online. Our preliminary CVE-2020-5902 scans have located 1,832 vulnerable F5 hosts.
“A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered.” concludes Thacker.
Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. System administrators need to employ security best practices with the systems they manage.” Pierluigi Paganini.
The Windows Background Intelligent Transfer Service (BITS) service is a built-in component of the Microsoft Windows operating system. The BITS service is used by programmers and system administrators to download files from or upload files to HTTP web servers and SMB file shares.” reads the analysis published by ESET.
Webmin is an open-source web-based interface for system administration for Linux and Unix. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year. Pierluigi Paganini.
“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” (SecurityAffairs – refrigeration systems, hacking). Pierluigi Paganini.
But the energy sector also underpins our emergency and response systems, our hospitals and healthcare, our schools, our businesses, and virtually everything we do as a society. Disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people.
In this type of distributed denial of service (DDoS) attack, the malicious traffic generated with the technique is greater than the one associated with the use of memcached, a service that does not require authentication but has been exposed on the internet by inexperienced system administrators. Brasília time, 1:00 p.m.
The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Docker Trusted Registry). Pierluigi Paganini.
.” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. The vulnerability could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,
The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.” reads the analysis.
FIN7 is a Russian criminal group that has been active since mid-2015; it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.
Hladyr is the systems administrator for the FIN7 hacking group, and is considered the mastermind behind the Carbanak campaign, a series of cyberattacks said to have stolen as much as $900 million from banks in the early part of the last decade. According to acting US Attorney Tessa M.
.” continues the report “While CIA was an early leader in securing our enterprise information technology (IT) system, we failed to correct acute vulnerabilities to our mission IT systems.” Pierluigi Paganini.
CVE-2015-2051: An RCE vulnerability in a specific wired/wireless router via a network device management protocol, known for its buggy implementation (HNAP), allows attackers to execute arbitrary commands via a GetDeviceSettings action. CVE-2015-1635: An RCE vulnerability in specific versions of Windows (e.g., 7 SP1, 8, 8.1)
Create, start, and terminate a new process and its primary thread; search, read, write, move, and execute files; get and modify file or directory timestamps; change the current directory for a process or file; delete malware and artifacts associated with the malware from the infected system. In April, the U.S. Pierluigi Paganini.
Hladyr is suspected to be a system administrator for the group. In January 2018 foreign authorities also arrested Fedir Hladyr in Dresden, Germany; he is currently detained in Seattle pending trial. The man is suspected to be a supervisor of the group.
Cisco advisory reveals that the vulnerability could be also exploited remotely by leveraging the operating system remote management tools. The issue could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,
Being a systems administrator can be a fulfilling job with a lot of rewards. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces." But if you're a SysAdmin for a hacking group, you could be rewarded with time behind bars.
To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.” Credential Stealer: Mimikatz. Pierluigi Paganini.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems. Administrators can help protect affected systems from external attacks by using a solid firewall strategy. Administrators are advised to monitor affected systems.
A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection.
“Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users.” reports Radio-Canada.