2019, Accountability, Passwords and System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software

Software System Administration Advertising Accountability

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

GandCrab dissolved in July 2019, and is thought to have become “ REvil ,” one of the most ruthless and rapacious Russian ransomware groups of all time. “The command requires Windows system administrators,” Truniger’s ads explained. was also used to register an account at the online game stalker[.]so

Ransomware

Ransomware Accountability Cybercrime Backups

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

JULY 29, 2021

The attack could force remote Windows systems to reveal password hashes that could then be easily cracked. Microsoft quickly sent out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack. The authentication process does not require the plaintext password.

Authentication

Authentication Passwords Encryption System Administration

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

Between January and August 2020, unidentified actors used aggregation software to link actor-controlled accounts to client accounts belonging to the same institution, resulting in more than $3.5 Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking

Banking Passwords Accountability DDOS

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. News of the day is that Webmin contained a remote code execution vulnerability, tracked as CVE-2019-15107, for more than a year.

Passwords

Passwords System Administration Advertising DNS

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Despite VMware’s three-year-old deprecation statement, unprotected systems remain at risk.

Risk

Risk Authentication System Administration Ransomware

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

Also, remember how users can use keys rather than a password to login? So, imagine Susan is a system admin and she has access to several servers. She used SSH keygen to generate keys and she now can login to the systems via Secure Shell. In May 2019 it was found that Cisco Nexus 9000 series has hardcoded root authorized key.

Risk

Risk Authentication Passwords Accountability

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

“Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Turns out it was possible for a threat actor to flood GLIBC with data , take control of it, and then use it as a launch point for stealing passwords, spying on users and attempting to usurp control of other computers. Privilege account credentials are widely available for sale. This is where PowerShell comes back into play.

Hacking

Hacking Energy and Utilities System Administration Accountability

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Various businesses and organizations rely on these systems. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.

Authentication

Authentication System Administration Firmware Passwords

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN

VPN Accountability Risk System Administration

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture. The targeted phishing is going after folks in HR using fake but malicious resumes or payroll and accounts receivable teams to move legitimate payment accounts into attacker control.

Phishing

Phishing Accountability Social Engineering Mobile

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

Most of the problems discovered by Pulse Secure and Mandiant involve three vulnerabilities that were patched in 2019 and 2020. The patched vulnerabilities are listed as: CVE-2019-11510 an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. The old vulnerabilities.

VPN

VPN Authentication Malware System Administration

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management. A few days later, IT systems started malfunctioning with ransom messages following. Reconnaissance. Check Point.

VPN

VPN Software Authentication Encryption

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

If any potentially hazardous characters must be allowed as input, be sure that you implement additional controls like output encoding, secure task specific APIs, and accounting to use that data throughout the application. Authentication and password management. Implement password hashing on a trusted system.

Authentication

Authentication Passwords Software Accountability

5 Emotions Used in Social Engineering Attacks [with Examples]

SecureWorld News

MARCH 11, 2022

He writes about this in his book, "Ghost in the Wires": "I would call the company I'd targeted, ask for their computer room, make sure I was talking to a system administrator, and tell him, 'This is [whatever fictitious name popped into my head at that moment], from DEC support. A security report against my American Express account?

Social Engineering

Social Engineering Engineering Phishing Accountability

3 security lessons from an MSP that survived the Kaseya VSA attack

Malwarebytes

SEPTEMBER 16, 2021

Put passwords and disaster recovery plans on paper. Recovery plans typically identify the key systems and data inside your organization, and the shortest path to restoring critical business functions. We had to wait almost 36 hours to get our password vault restored so we could get passwords out of it,” Tipton said.

Ransomware

Ransomware Backups Passwords Software

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

SecureWorld News

JUNE 18, 2020

in a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems. Shared passwords and a failure to control access: "Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords.".

Cybersecurity

Cybersecurity Authentication Government System Administration

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Herjavec Group

OCTOBER 30, 2020

Ask your school system administrators to provide you their written cybersecurity policies and procedures concerning proposed remote learning capabilities. Ask your school system administrators to provide a copy of their incident response policies and plans. Secure IT: The Top 3 PCI DSS Concerns in 2019.

Education

Education Wireless System Administration Firewall

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Not a few people's Twitter accounts, but all of Twitter. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. It didn't matter whether individual accounts had a complicated and hard-to-remember password, or two-factor authentication.

Hacking

Hacking Banking Accountability Government

Cyber Security Informer

China-linked threat actors have breached telcos and network service providers

Cisco fixes a static default credential issue in Smart Software Manager tool

Trending Sources

A Closer Look at the Snatch Data Ransom Group

Microsoft provides more mitigation instructions for the PetitPotam attack

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Backdoored Webmin versions were available for download for over a year

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Most Common SSH Vulnerabilities & How to Avoid Them

Roboto, a new P2P botnet targets Linux Webmin servers

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

A bug is about to confuse a lot of computers by turning back time 20 years

Vulnerability Management in the time of a Pandemic

Top Cybersecurity Accounts to Follow on Twitter

The Phight Against Phishing

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Addressing Remote Desktop Attacks and Security

A guide to OWASP’s secure coding

5 Emotions Used in Social Engineering Attacks [with Examples]

3 security lessons from an MSP that survived the Kaseya VSA attack

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Updates from the MaaS: new threats delivered through NullMixer

On the Twitter Hack

Stay Connected