2019, Accountability, Malware and System Administration

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. 2011 said he was a system administrator and C++ coder. Dmitry Yuryevich Khoroshev. Image: treasury.gov. “P.S.

Ransomware

Ransomware Cybercrime Accountability Malware

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

GandCrab dissolved in July 2019, and is thought to have become “ REvil ,” one of the most ruthless and rapacious Russian ransomware groups of all time. “The command requires Windows system administrators,” Truniger’s ads explained. was also used to register an account at the online game stalker[.]so

Ransomware

Ransomware Accountability Cybercrime Backups

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

Malware, or code written for malicious purposes, is evolving. To understand the new dangers malicious code poses to developers, it helps to take a brief look back at the history of malware. Malicious code, or malware, is intentionally written to disrupt, damage, or otherwise inflict undesirable effects on a target system.

Malware

Malware Software Ransomware Adware

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. Upon its initialization, the malware removes itself from the loaded modules list and updates the last_module_id with the previously loaded module to delete any trace of its presence. ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

It was designed to make it convenient for system administrators to automate tasks and manage configurations across all Windows endpoints and servers in a company network. Another branch of attacks revolve around ransomware, crypto jacking, denial of service attacks and malware spreading activities.

Hacking

Hacking Energy and Utilities System Administration Accountability

VRM Wishlist for 2019

NopSec

DECEMBER 31, 2018

Most of the time, network and system administrators are concerned about the availability of their network and systems because of the continuous vulnerability scanning pressure. The post VRM Wishlist for 2019 appeared first on NopSec.

System Administration

System Administration Risk Accountability Malware

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

Cybersecurity sleuths Mandiant report that they are tracking “12 malware families associated with the exploitation of Pulse Secure VPN devices” operated by groups using a set of related techniques to bypass both single and multi-factor authentication. We wrote about the apparent reluctance to patch for this vulnerability in 2019.

VPN

VPN Authentication Malware System Administration

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. Disabling root account remote login - This prevents users from logging in as the root (super user) account.

Risk

Risk Authentication Passwords Accountability

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

“Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” Webmin is an open-source web-based interface for system administration for Linux and Unix. SecurityAffairs – Roboto botnet , malware).

DDOS

DDOS System Administration Advertising DNS

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. Malware developers — no longer hiring. Client-side attacks on the wane.

Cybercrime

Cybercrime Banking Malware Ransomware

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

We discovered the malware as part of an attack against a high-profile organization in Vietnam. We found the loader for this file so interesting that we decided to base one of the tracks of our Targeted Malware Reverse Engineering course on it. The exploit-chain attempts to install malware in the system through a dropper.

Ransomware

Ransomware Malware Banking Encryption

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Herjavec Group

OCTOBER 30, 2020

Ask your school system administrators to provide you their written cybersecurity policies and procedures concerning proposed remote learning capabilities. Ask your school system administrators to provide a copy of their incident response policies and plans. Secure IT: The Top 3 PCI DSS Concerns in 2019.

Education

Education Wireless System Administration Firewall

5 Emotions Used in Social Engineering Attacks [with Examples]

SecureWorld News

MARCH 11, 2022

He writes about this in his book, "Ghost in the Wires": "I would call the company I'd targeted, ask for their computer room, make sure I was talking to a system administrator, and tell him, 'This is [whatever fictitious name popped into my head at that moment], from DEC support. A security report against my American Express account?

Social Engineering

Social Engineering Engineering Phishing Accountability

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

A technical analysis of NullMixer malware operation revealed Italy and France are the favorite European countries from the attackers’ perspective. Executive Summary Our insights into a recent NullMixer malware operation revealed Italy and France are the favorite European countries from the opportunistic attackers’ perspective.

Malware

Malware Social Engineering Encryption Marketing

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours. Gone in 24 Hours.

Phishing

Phishing Accountability Financial Services Cloud Migration

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

With lateral movement across a victim’s IT infrastructure, threat actors can escalate privileges, spread malware , extract data , and disrupt IT services as with ransomware attacks. SamSam Ransomware: Malware Specializing in RDP. A few days later, IT systems started malfunctioning with ransom messages following.

VPN

VPN Software Authentication Encryption

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN

VPN Accountability Risk System Administration

Black Kingdom ransomware

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. Black Kingdom is not a new player: it was observed in action following other vulnerability exploitations in 2020, such as CVE-2019-11510. CVE-2019-11510. The malware generates a 64-character pseudo-random string.

Ransomware

Ransomware Encryption VPN System Administration

Is Cloud Storage Safe From Ransomware?

Spinone

FEBRUARY 18, 2020

These are words that no system administrator or business leader wants to hear from anyone using a computer on their network. However, this year in 2019, many IT professionals and business leaders alike have had to deal with the very real and alarming scenario of a ransomware attack. billion in 2019 worldwide.

Ransomware

Ransomware Encryption Malware Backups

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

If any potentially hazardous characters must be allowed as input, be sure that you implement additional controls like output encoding, secure task specific APIs, and accounting to use that data throughout the application. Implement password hashing on a trusted system. Hackers can use these credentials to get access to all accounts.

Authentication

Authentication Passwords Software Accountability

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture. The targeted phishing is going after folks in HR using fake but malicious resumes or payroll and accounts receivable teams to move legitimate payment accounts into attacker control. Figure 2: Spam.

Phishing

Phishing Accountability Social Engineering Mobile

Cyber Security Informer

How Did Authorities Identify the Alleged Lockbit Boss?

Top Cybersecurity Accounts to Follow on Twitter

Webinars

Trending Sources

A Closer Look at the Snatch Data Ransom Group

Webinars

Malware Evolves to Present New Threats to Developers

Caketap, a new Unix rootkit used to siphon ATM banking data

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

VRM Wishlist for 2019

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Most Common SSH Vulnerabilities & How to Avoid Them

Roboto, a new P2P botnet targets Linux Webmin servers

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

IT threat evolution Q2 2021

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

5 Emotions Used in Social Engineering Attacks [with Examples]

Updates from the MaaS: new threats delivered through NullMixer

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Addressing Remote Desktop Attacks and Security

Vulnerability Management in the time of a Pandemic

Black Kingdom ransomware

Is Cloud Storage Safe From Ransomware?

A guide to OWASP’s secure coding

The Phight Against Phishing

Stay Connected