2019, Authentication and System Administration

Latest on the SVR’s SolarWinds Hack

Schneier on Security

JANUARY 5, 2021

Separately, it seems that the SVR conducted a dry run of the attack five months before the actual attack: The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company’s software update servers. We know at minimum they had access Oct.

Hacking

Hacking System Administration Software Surveillance

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. The problem: CVE-2024-22245 and CVE-2024-22250 put Windows domains vulnerable to authentication relay and session hijack attacks.

Risk

Risk Authentication System Administration Ransomware

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

FEBRUARY 8, 2022

Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user. “However, given the number of stolen credentials readily available on underground markets, getting authenticated could be trivial. .

Authentication

Authentication Internet Internet System Administration

Brute Force attack launched by Russia APT28 using Kubernetes

CyberSecurity Insiders

JULY 2, 2021

NSA states APT28 has been involved in this hacking campaign since 2019 and has so far targeted many of US and UK Organizations that include those involved in manufacturing, energy, defense, logistics, media, law, education and military and political sectors.

System Administration

System Administration VPN Manufacturing Authentication

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

JULY 29, 2021

The attack could force remote Windows systems to reveal password hashes that could then be easily cracked. Microsoft quickly sent out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack. The authentication process does not require the plaintext password.

Authentication

Authentication Passwords Encryption System Administration

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Various businesses and organizations rely on these systems. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.

Authentication

Authentication System Administration Firmware Passwords

How Secure Shell (SSH) Keys Work

Security Boulevard

AUGUST 5, 2022

SSH authenticates the parties involved and allows them to exchange commands and output via multiple data manipulation techniques. Once the parties have played an equal role in generating the shared secret key, they must authenticate themselves. The most common means of authentication is via SSH asymmetric key pairs. 17965 views.

Encryption

Encryption Authentication System Administration Firewall

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. News of the day is that Webmin contained a remote code execution vulnerability, tracked as CVE-2019-15107, for more than a year. ehakkus) August 11, 2019. AppSec_Village @defcon pic.twitter.com/VxLjqpBJPF — Özkan Mustafa Akku?

Passwords

Passwords System Administration Advertising DNS

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. There are also security risks connected with “host keys,” which are the other authentication method used to identify the Secure Shell server.

Risk

Risk Authentication Passwords Accountability

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

From 2017 to 2019, the FBI says credential stuffing attacks were the most common type of attack against the financial sector, accounting for 41% of total incidents. Although neither entity reported any fraud, one of the attacks resulted in an extended system outage that prevented the collection of nearly $2 million in revenue.

Banking

Banking Passwords Accountability DDOS

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

In this type of distributed denial of service (DDoS) attack, the malicious traffic generated with the technique is greater than the once associated with the use of memcached, a service that does not require authentication but has been exposed on the internet by inexperienced system administrators. Brasília time, 1:00 p.m.

DDOS

DDOS Internet Internet System Administration

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

I include a sampla here: Vulnerabilities affecting VPN and NG firewalls such as Cisco and Palo Alto Networks, much like the Palo Alto Networks GlobalProtect SSL VPN Critical Pre-authentication vulnerability – CVE-2019-1579. The disclosure blog post can be found here.

VPN

VPN Accountability Risk System Administration

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

Cybersecurity sleuths Mandiant report that they are tracking “12 malware families associated with the exploitation of Pulse Secure VPN devices” operated by groups using a set of related techniques to bypass both single and multi-factor authentication. We wrote about the apparent reluctance to patch for this vulnerability in 2019.

VPN

VPN Authentication Malware System Administration

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management.

VPN

VPN Software Authentication Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Facebook Plans on Backdooring WhatsApp [link] — Schneier Blog (@schneierblog) August 1, 2019. — Jason Haddix (@Jhaddix) July 27, 2019. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

Authentication and password management. Passwords are one of the least safe user authentication methods, yet they are also frequently used for web applications for safeguarding online data. Authentication is the procedure of confirming that a person, organization, or site is who they say they are. Session management.

Authentication

Authentication Passwords Software Accountability

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

This tool was used as part of an ongoing campaign that we named “ TunnelSnake “ The rootkit was detected on the targeted machines as early as November 2019; and another tool we found, showing significant code overlaps with the rootkit, suggests that the developers had been active since at least 2018. Black Kingdom ransomware.

Ransomware

Ransomware Malware Banking Encryption

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals The page resembles an authentic Microsoft Office 365 file sharing page.

Phishing

Phishing Accountability Financial Services Cloud Migration

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

SecureWorld News

JUNE 18, 2020

Shared passwords and a failure to control access: "Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords.". Day-to-day security practices had become woefully lax.". Lack of Data Loss Prevention (DLP) controls: ".there

Cybersecurity

Cybersecurity Authentication Government System Administration

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

Security Boulevard

APRIL 17, 2023

The trend of shrinking certificate lifespans, or “short-lived certificates,” is one Sectigo predicted as far back as 2019. If they are public-root “SSL certificates” (server authentication) then they are affected by this change, and their lifespans will be reduced to 90 days. Has there been any pushback whatsoever from the CA’s?

Software

Software Encryption System Administration CISO

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

And they traced the cybersecurity failures to a lack of leadership and a vacant Chief Information Security Officer role: "The problems started at the top: Twitter had not had a chief information security officer (“CISO”) since December 2019, seven months before the Twitter Hack. We've discovered a catastrophic bug in your version of RSTS/E.

Social Engineering

Social Engineering Media Scams Financial Services

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. Class breaks are endemic to computerized systems, and they're not something that we as users can defend against with better personal security. For Twitter users, this attack was a double whammy.

Hacking

Hacking Banking Accountability Government

Cyber Security Informer

Latest on the SVR’s SolarWinds Hack

China-linked threat actors have breached telcos and network service providers

Trending Sources

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Microsoft Patch Tuesday, February 2022 Edition

Brute Force attack launched by Russia APT28 using Kubernetes

Microsoft provides more mitigation instructions for the PetitPotam attack

A bug is about to confuse a lot of computers by turning back time 20 years

How Secure Shell (SSH) Keys Work

Backdoored Webmin versions were available for download for over a year

Most Common SSH Vulnerabilities & How to Avoid Them

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Vulnerability Management in the time of a Pandemic

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Addressing Remote Desktop Attacks and Security

Top Cybersecurity Accounts to Follow on Twitter

A guide to OWASP’s secure coding

IT threat evolution Q2 2021

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

On the Twitter Hack

Stay Connected