2019, Authentication, Hacking and System Administration

2019

Authentication

Hacking

System Administration

Latest on the SVR’s SolarWinds Hack

Schneier on Security

JANUARY 5, 2021

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). There is also no indication yet that any human intelligence alerted the United States to the hacking. The October files, distributed to customers on Oct.

Hacking

Hacking System Administration Software Surveillance

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

Brute Force attack launched by Russia APT28 using Kubernetes

CyberSecurity Insiders

JULY 2, 2021

But a new discovery made by the National Security Agency(NSA) of United States has revealed that Russian hacking group APT28 is launching Brute Force Cyber Attacks using Kubernetes to ensure anonymity. APT28 aka Fancy Bear or Strontium is a hacking group that is funded by Russian Military Intelligence.

System Administration

System Administration VPN Manufacturing Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. The problem: CVE-2024-22245 and CVE-2024-22250 put Windows domains vulnerable to authentication relay and session hijack attacks.

Risk

Risk Authentication System Administration Ransomware

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. News of the day is that Webmin contained a remote code execution vulnerability, tracked as CVE-2019-15107, for more than a year. ehakkus) August 11, 2019. SecurityAffairs – Webmin, hacking). Pierluigi Paganini.

Passwords

Passwords System Administration Advertising DNS

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

In this type of distributed denial of service (DDoS) attack, the malicious traffic generated with the technique is greater than the once associated with the use of memcached, a service that does not require authentication but has been exposed on the internet by inexperienced system administrators. Brasília time, 1:00 p.m.

DDOS

DDOS Internet Internet System Administration

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. — Jason Haddix (@Jhaddix) July 27, 2019.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

Authentication and password management. Passwords are one of the least safe user authentication methods, yet they are also frequently used for web applications for safeguarding online data. Authentication is the procedure of confirming that a person, organization, or site is who they say they are. Session management.

Authentication

Authentication Passwords Software Accountability

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals The page resembles an authentic Microsoft Office 365 file sharing page. SecurityAffairs – Facebook, hacking).

Phishing

Phishing Accountability Financial Services Cloud Migration

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

This tool was used as part of an ongoing campaign that we named “ TunnelSnake “ The rootkit was detected on the targeted machines as early as November 2019; and another tool we found, showing significant code overlaps with the rootkit, suggests that the developers had been active since at least 2018. Black Kingdom ransomware.

Ransomware

Ransomware Malware Banking Encryption

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

Security Boulevard

APRIL 17, 2023

The trend of shrinking certificate lifespans, or “short-lived certificates,” is one Sectigo predicted as far back as 2019. If they are public-root “SSL certificates” (server authentication) then they are affected by this change, and their lifespans will be reduced to 90 days. Has there been any pushback whatsoever from the CA’s?

Software

Software Encryption System Administration CISO

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

From the report: "The Twitter Hack is a cautionary tale about the extraordinary damage that can be caused even by unsophisticated cybercriminals. This false log-in generated an MFA notification requesting that the employees authenticate themselves, which some of the employees did.". Between approximately 3 a.m. and 10 a.m.

Social Engineering

Social Engineering Media Scams Financial Services

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Twitter was hacked this week. Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. Class breaks are endemic to computerized systems, and they're not something that we as users can defend against with better personal security.

Hacking

Hacking Banking Accountability Government

Cyber Security Informer

Latest on the SVR’s SolarWinds Hack

China-linked threat actors have breached telcos and network service providers

Webinars

Trending Sources

Brute Force attack launched by Russia APT28 using Kubernetes

Webinars

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Backdoored Webmin versions were available for download for over a year

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Top Cybersecurity Accounts to Follow on Twitter

A guide to OWASP’s secure coding

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

IT threat evolution Q2 2021

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

On the Twitter Hack

Stay Connected