2019, Information Security and System Administration

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. The CVE-2019-10149 flaw, aka “The Return of the WIZard,” affects versions 4.87

Software

Software System Administration Advertising Technology

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer. info , allproxy[.]info It shows that in Oct.

Advertising

Advertising Cybercrime System Administration Hacking

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

Ransomware operators are exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992, to encrypt virtual hard disks. Security experts are warning of ransomware attacks exploiting two VMWare ESXi vulnerabilities, CVE-2019-5544 and CVE-2020-3992 , to encrypt virtual hard disks.

Encryption

Encryption Ransomware System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ]. Protect these accounts with strict network policies [ D3-UAP ].

Telecommunications

Telecommunications Authentication Passwords Accountability

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Software

Software System Administration Advertising Accountability

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. companies, predominantly in the restaurant, gambling, and hospitality industries.” ” concludes DoJ.

System Administration

System Administration Penetration Testing Malware Banking

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

.” Customers can check whether their NAS is exposed online by using the Security Counselor, a built-in security portal for QNAP NAS devices. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router. Follow me on Twitter: @securityaffairs and Facebook.

Internet

Internet Internet Ransomware Encryption

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The Makop criminals were recently using version 2.5.3869 of the tool, which dates back to 2019. In fact, Makop criminals are still using tools built back in 2019 and 2020 to compromise small and medium enterprises around the world. Advanced_Port_Scanner_2.5.3869.exe Everything is freeware software maintained by Voidtools.

Ransomware

Ransomware Software System Administration Encryption

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by the group since 2019. In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function.

Banking

Banking Telecommunications System Administration Hacking

SPOTLIGHT: Women in Cybersecurity

McAfee

NOVEMBER 3, 2020

The RSA Conference USA 2019 held in San Francisco — which is the world’s largest cybersecurity event with more than 40,000 people and 740 speakers — is a decent measuring stick for representation of women in this field. Please join McAfee, AWS, and our customers to discuss the impact women are having on information security in the cloud.

Cybersecurity

Cybersecurity Architecture Cloud Migration Retail

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

Disclosure timeline: 13th September 2019: We submitted the issue to product-security@apple.com 18th September 2019: Apple asked us the resend the screen shots 10th October 2019: Apple told us that they were planning to address this issue in a future update 30th October 2019: Apple released version 12.10.2

Mobile

Mobile Advertising System Administration Engineering

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. News of the day is that Webmin contained a remote code execution vulnerability, tracked as CVE-2019-15107, for more than a year. I'ill share detailed information about my presentation and vulnerabilities very soon!

Passwords

Passwords System Administration Advertising DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

“Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . The Malware Threat behind CurveBall.

System Administration

System Administration Malware Advertising Risk

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

In January of 2019, Reuters published a report into Project Raven, a campaign allegedly conducted by former NSA operatives and aiming at the same types of targets as Stealth Falcon. The Windows Background Intelligent Transfer Service (BITS) service is a built-in component of the Microsoft Windows operating system.

Malware

Malware Advertising System Administration Spyware

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Denial-of-Suez attack.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. For instance: In September 2019, Cybereason found this hostname in old LockBit 2.0

Scams

Scams Ransomware System Administration Malware

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The campaign, dubbed PerSwaysion due to the extensive abuse of Microsoft Sway, has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators. ?ybercriminals The original post is available: [link].

Phishing

Phishing Accountability Financial Services Cloud Migration

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

And they traced the cybersecurity failures to a lack of leadership and a vacant Chief Information Security Officer role: "The problems started at the top: Twitter had not had a chief information security officer (“CISO”) since December 2019, seven months before the Twitter Hack.

Social Engineering

Social Engineering Media Scams Financial Services

Cyber Security Informer

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Meet the Administrators of the RSOCKS Proxy Botnet

Webinars

Trending Sources

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Webinars

China-linked threat actors have breached telcos and network service providers

Cisco fixes a static default credential issue in Smart Software Manager tool

A member of the FIN7 group was sentenced to 10 years in prison

How to secure QNAP NAS devices? The vendor’s instructions

Dissecting the malicious arsenal of the Makop ransomware gang

Caketap, a new Unix rootkit used to siphon ATM banking data

SPOTLIGHT: Women in Cybersecurity

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Backdoored Webmin versions were available for download for over a year

Roboto, a new P2P botnet targets Linux Webmin servers

Yomi Hunter Catches the CurveBall

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Top Cybersecurity Accounts to Follow on Twitter

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Updates from the MaaS: new threats delivered through NullMixer

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

Stay Connected