2018, Hacking and System Administration

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Twitter was hacked this week. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. Back in 2018, Twitter said it was exploring encrypting those messages, but it hasn't yet. Maybe this hack will serve as a wake-up call.

Hacking

Hacking Banking Accountability Government

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. This quickly gets intricately technical.

Hacking

Hacking Energy and Utilities System Administration Accountability

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. Hladyr was charged in 2018 with two other FIN7 members , Dmytro Fedorov and Andrii Kopakov , also Ukrainian nationals.

System Administration

System Administration Penetration Testing Malware Banking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes

APRIL 20, 2021

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known as FIN7. The arrest.

System Administration

System Administration Banking Malware Penetration Testing

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

” New York City-based cyber intelligence firm Flashpoint said the Snatch ransomware group was created in 2018, based on Truniger’s recruitment both on Russian language cybercrime forums and public Russian programming boards. “The command requires Windows system administrators,” Truniger’s ads explained.

Ransomware

Ransomware Accountability Cybercrime Backups

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online.

Software

Software Ransomware System Administration Authentication

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

Researchers discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442, in Cisco Webex Meetings Desktop. Researchers Ron Bowes and Jeff McJunkin of Counter Hack discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442 , in Cisco Webex Meetings Desktop. .”

System Administration

System Administration Advertising Hacking Software

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

Is hacking a crime? Bryan McAninch (Aph3x) talks about his organization, Hacking Is Not A Crime , and the ethical line it draws on various hacking activities. I used to hack the phone company quite a bit. I was like living in our systems for years and I want to get in some trouble for that.

Hacking

Hacking Technology InfoSec Media

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product. An advertisement for Orcus RAT.

Malware

Malware Advertising Marketing System Administration

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

A Russian-speaking hacker, who goes by the name of Alexey, claims to have hacked into over 100,000 MikroTik routers with a specific intent, disinfect them. Threat actors also exploited the exploit code for the CVE-2018-14847 vulnerability in MikroTik routers to recruit them in botnets such as Mirai and VPNFilter. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency System Administration Advertising Hacking

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators. SecurityAffairs – hacking, China-linked threat actors). Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ]. To nominate, please visit:?. Pierluigi Paganini.

Telecommunications

Telecommunications Authentication Passwords Accountability

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. According to the experts from Kaspersky that first analyzed the framework, the MATA campaign has been active at least since April of 2018.

Malware

Malware System Administration Hacking Media

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Rezvesz maintains his software was designed for legitimate use only and for system administrators seeking more powerful, full-featured ways to remotely manage multiple PCs around the globe. According to Rezvesz himself, he is no stranger to the Canadian legal system.

Advertising

Advertising Malware Marketing Software

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Security Affairs

NOVEMBER 28, 2018

One month ago, Cisco addressed the CVE-2018-15442 vulnerability, also tracked as WebExec by Counter Hack researchers Ron Bowes and Jeff McJunkin who discovered it. The CVE-2018-15442 vulnerability could be exploited by an authenticated, local attacker to execute arbitrary commands as a privileged user. and later prior to 33.0.5,

System Administration

System Administration Advertising Software Authentication

Wireshark fixed three flaws that can crash it via malicious packet trace files

Security Affairs

SEPTEMBER 2, 2018

The three vulnerabilities tracked as CVE-2018-16056 , CVE-2018-16057 and CVE-2018-16058 affect respectively the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector components of Wireshark. “To

Firewall

Firewall System Administration Advertising Antivirus

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. — Jack Daniel (@jack_daniel) October 10, 2018.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

In January 2018 foreign authorities also arrested Fedir Hladyr in Dresden, Germany, he is currently detained in Seattle pending trial. Hladyr is suspected to be a system administrator for the group. In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain.

Malware

Malware Penetration Testing Banking System Administration

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

Security Affairs

AUGUST 2, 2018

Three members of the notorious cybercrime gang known as FIN7 and Carbanak have been indicted and charged with 26 felony counts of conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. Hladyr is suspected to be a system administrator for the group.

Banking

Banking Cybercrime Identity Theft Penetration Testing

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

In January 2018 foreign authorities also arrested Fedir Hladyr in Dresden, Germany, he is currently detained in Seattle pending trial. Hladyr is suspected to be a system administrator for the group. In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain.

Malware

Malware Penetration Testing Banking System Administration

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. 32) and Igor Turashev (38) for distributing the infamous Dridex banking Trojan , and for their involvement in international bank fraud and computer hacking schemes.

Banking

Banking Malware Cybercrime Accountability

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

It could be compromised directly or by hacking the account of someone with access to the website management. Cybercriminals also used to hack into servers of organizations to use them as relay servers to throw investigators off the scent and make it harder to trace the main C&C center.

Cybercrime

Cybercrime Banking Malware Ransomware

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

com – all generated using RoyalRoad and attempting to exploit CVE-2018-0802. Black Kingdom changes the desktop background to a note that the system is infected while it encrypts files, disabling the mouse and keyboard as it does so. | We observed hacked WordPress, Amazon and Azure servers used by the Trojan for storing archives.

Ransomware

Ransomware Malware Banking Encryption

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Being a system administrator, a patch could contain a security update to stop a vulnerability. At one stage, Wireless hacking “was the thing”, so we needed to support injection on as many cards as possible. In information security (infosec) there is the need to be on the latest version.

InfoSec

InfoSec Penetration Testing Architecture Software

Cyber Security Informer

On the Twitter Hack

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Webinars

Trending Sources

A member of the FIN7 group was sentenced to 10 years in prison

Webinars

CIA elite hacking unit was not able to protect its tools and cyber weapons

FIN7 sysadmin behind “billions in damage” gets 10 years

A Closer Look at the Snatch Data Ransom Group

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

The Hacker Mind Podcast: Ethical Hacking

Orcus RAT Author Charged in Malware Scheme

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

China-linked threat actors have breached telcos and network service providers

North Korea-linked Lazarus APT targets the IT supply chain

Canadian Police Raid ‘Orcus RAT’ Author

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Wireshark fixed three flaws that can crash it via malicious packet trace files

Top Cybersecurity Accounts to Follow on Twitter

FireEye experts found source code for CARBANAK malware on VirusTotal?

Three members of FIN7 (Carbanak) gang charged with stealing 15 million credit cards

FireEye experts found source code for CARBANAK malware on VirusTotal?

US authorities charged Dridex gang members for stealing over $100 Million

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

IT threat evolution Q2 2021

Happy 10th anniversary & Kali's story.so far

Stay Connected