2019, System Administration and Technology

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. The CVE-2019-10149 flaw, aka “The Return of the WIZard,” affects versions 4.87

Software

Software System Administration Advertising Technology

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product. An advertisement for Orcus RAT.

Malware

Malware Advertising Marketing System Administration

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

JUNE 10, 2022

In 2019, AFRINIC fired a top employee after it emerged that in 2013 he quietly commandeered millions of IPs from defunct African entities or from those that were long ago acquired by other firms, and then conspired to sell an estimated $50 million worth of the IPs to marketers based outside Africa.

Government

Government Marketing Internet Internet

The Challenges in Building Digital Trust

SecureWorld News

DECEMBER 11, 2023

The cyberattack was the cause of this issue, of course, but the real problem at hand was that citizens had no warning that their emergency services could fail this way, nor any estimate for when the systems would be fully restored. There weren't enough users of ARPANET to warrant any real scrutiny of everyone's activities.

Technology

Technology Artificial Intelligence Cybercrime Government

Can smart cities be secured and trusted?

Thales Cloud Protection & Licensing

OCTOBER 15, 2019

With this seamless interaction of the latest IoT technologies, “smart cities” are redefining the way we live and work. There’s just one problem…these massive, radical, interconnected technology systems also raise serious privacy and security concerns. You breathe a sigh of relief! This scenario seems smart, but is it secure?

Technology

Technology Encryption Government System Administration

SPOTLIGHT: Women in Cybersecurity

McAfee

NOVEMBER 3, 2020

The RSA Conference USA 2019 held in San Francisco — which is the world’s largest cybersecurity event with more than 40,000 people and 740 speakers — is a decent measuring stick for representation of women in this field. During her first few years at Booz Allen, she supported technology, innovation and risk analysis initiatives across U.S.

Cybersecurity

Cybersecurity Architecture Cloud Migration Retail

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

Disclosure timeline: 13th September 2019: We submitted the issue to product-security@apple.com 18th September 2019: Apple asked us the resend the screen shots 10th October 2019: Apple told us that they were planning to address this issue in a future update 30th October 2019: Apple released version 12.10.2

Mobile

Mobile Advertising System Administration Engineering

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As first detailed by KrebsOnSecurity in July 2016 , Orcus is the brainchild of John “Armada” Rezvesz , a Toronto resident who until recently maintained and sold the RAT under the company name Orcus Technologies. In an “official press release” posted to pastebin.com on Mar. In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Marketing Software

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . The Malware Threat behind CurveBall. Yomi Hunter Catches CVE-2020-0601.

System Administration

System Administration Malware Advertising Risk

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. I had the chance to meet with him again at Black Hat 2019 in Las Vegas. And this inspired him to co-found LogicHub. Take PowerShell-enabled breaches, for instance.

Big data

Big data Firewall Digital transformation Software

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Last Watchdog recently sat down with Satya Gupta, founder and CTO of Virsec , a San Jose-based supplier of advanced data protection systems. Virsec is a leading innovator of memory protection technologies. Gupta put memory attacks in context of the complexity that has overtaken modern business networks.

Hacking

Hacking Energy and Utilities System Administration Accountability

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

The Last Watchdog

MARCH 13, 2019

I had a revelatory discussion about this with Aviv Grafi, CEO of Votiro, at RSA 2019 in San Francisco last week. It was designed to make it convenient for system administrators to automate tasks and manage configurations across all Windows endpoints and servers in a company network.

Malware

Malware CSO System Administration Financial Services

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

In 2019 attacks on cloud services doubled , demonstrating a significant shift in the focus of APT groups. RaaS offers one example of threat actors successfully adopting technology to spread malicious code, but the shift to cloud services introduced other dangers. Modern Malicious Code Sets Sights on Supply Chain. a trusted vendor.

Malware

Malware Software Ransomware Adware

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. For instance: In September 2019, Cybereason found this hostname in old LockBit 2.0

Scams

Scams Ransomware System Administration Malware

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

To top it off, cybercriminals make use of legitimate services that are meant to help system administrators, such as PSexec, which allows remote execution of programs. System administrators that take care of physical networks are no longer needed — with cloud services management being an easy task.

Cybercrime

Cybercrime Banking Malware Ransomware

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

lazydocker : A simple terminal UI for both docker and docker-compose : [link] pic.twitter.com/HsK17rzg8m — Binni Shah (@binitamshah) July 1, 2019. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

IT threat evolution Q2 2021

SecureList

AUGUST 12, 2021

The exploit was initially identified by our advanced exploit prevention technology and related detection records. Over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and again. PuzzleMaker. Other malware.

Ransomware

Ransomware Malware Banking Encryption

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

ForAllSecure

AUGUST 16, 2019

.” Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporate systems. At one point, people were saying we were automatically generating exploits with this technology. More information about Mayhem is also available at www.forallsecure.com.

Software

Software Marketing Government Technology

Ransomware Gangs and the Name Game Distraction

Krebs on Security

AUGUST 5, 2021

REvil’s last big victim was Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. REvil is widely considered a reboot of GandCrab , a prolific ransomware gang that boasted of extorting more than $2 billion over 12 months before abruptly closing up shop in June 2019.

Ransomware

Ransomware Cybercrime Malware System Administration

Data Protection in the Digital Transformation Era

Thales Cloud Protection & Licensing

DECEMBER 3, 2019

As highlighted in the 2019 Thales Data Threat Report , an increasing number of organizations across the globe are now using sensitive data on digitally transformative technologies like cloud, virtualization, big data, IoT, blockchain, etc. The second layer of the stack covers system-level protection controls. To Sum It Up.

Digital transformation

Digital transformation Encryption Data breaches Big data

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

ForAllSecure

AUGUST 16, 2019

.” Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporate systems. At one point, people were saying we were automatically generating exploits with this technology. More information about Mayhem is also available at www.forallsecure.com.

Software

Software Marketing Government Technology

DEVOPS CHAT PODCAST: $2M DARPA AWARD SPARKS BEHAVIOR TESTING WITH FORALLSECURE'S MAYHEM SOLUTION

ForAllSecure

AUGUST 16, 2019

.” Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporate systems. At one point, people were saying we were automatically generating exploits with this technology. More information about Mayhem is also available at www.forallsecure.com.

Software

Software Marketing Government Technology

3 security lessons from an MSP that survived the Kaseya VSA attack

Malwarebytes

SEPTEMBER 16, 2021

Jay Tipton, chief executive for the Managed Service Provider (MSP) Technology Specialists, remembers his Fourth of July weekend this year like many MSP employees likely remember theirs: As a bit of a nightmare. Early the next morning, Northshore systems administrator Ski Kacoroski arrived on scene.

Ransomware

Ransomware Backups Passwords Software

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Herjavec Group

OCTOBER 30, 2020

Like it or not, within a few months, educational institutions have now become enterprise IT entities, taking on all the responsibilities of securely delivering qualitative technology services. Ask your school system administrators to provide a copy of their incident response policies and plans. So, what to do?

Education

Education Wireless System Administration Firewall

Black Kingdom ransomware

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. Black Kingdom is not a new player: it was observed in action following other vulnerability exploitations in 2020, such as CVE-2019-11510. CVE-2019-11510. Product affected. Pulse Secure. March 2021. Microsoft Exchange Server.

Ransomware

Ransomware Encryption VPN System Administration

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

Security Boulevard

APRIL 17, 2023

The trend of shrinking certificate lifespans, or “short-lived certificates,” is one Sectigo predicted as far back as 2019. However, the burden of system administrators carrying this out five or six times a year should not be underestimated. Question Sectigo’s response What is Sectigo’s stance on Chrome’s proposal?

Software

Software Encryption System Administration CISO

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

SecureWorld News

JUNE 18, 2020

Shared passwords and a failure to control access: "Most of our sensitive cyber weapons were not compartmented, users shared systems administrator-level passwords.". Please explain why this is consistent with federal cybersecurity best practices detailed by the National Institute of Standards and Technology.".

Cybersecurity

Cybersecurity Authentication Government System Administration

Is Cloud Storage Safe From Ransomware?

Spinone

FEBRUARY 18, 2020

These are words that no system administrator or business leader wants to hear from anyone using a computer on their network. However, this year in 2019, many IT professionals and business leaders alike have had to deal with the very real and alarming scenario of a ransomware attack. billion in 2019 worldwide.

Ransomware

Ransomware Encryption Malware Backups

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

The technological measures related to minimizing the incidence of software bugs are the subject of the OWASP Checklist. For example, in 2019 attackers hacked 773 million Outlook emails. Implement an asset management system and register system components and software in it. Database security. File management.

Authentication

Authentication Passwords Software Accountability

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

Like, okay, you know, I don't have time to order more, but the next year in 2019, I took 5000 and I didn't attend a single talk. Because as we become more dependent on technology and security, I'm sorry, more dependent on technology, security, and privacy is gonna become more important in our lives. on society.

Hacking

Hacking Technology InfoSec Media

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

And they traced the cybersecurity failures to a lack of leadership and a vacant Chief Information Security Officer role: "The problems started at the top: Twitter had not had a chief information security officer (“CISO”) since December 2019, seven months before the Twitter Hack. We've discovered a catastrophic bug in your version of RSTS/E.

Social Engineering

Social Engineering Media Scams Financial Services

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. There are many security technologies companies like Twitter can implement to better protect themselves and their users; that's not the issue. Maybe this hack will serve as a wake-up call.

Hacking

Hacking Banking Accountability Government

Cyber Security Informer

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Orcus RAT Author Charged in Malware Scheme

Trending Sources

Adconion Execs Plead Guilty in Federal Anti-Spam Case

The Challenges in Building Digital Trust

Can smart cities be secured and trusted?

SPOTLIGHT: Women in Cybersecurity

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Canadian Police Raid ‘Orcus RAT’ Author

Yomi Hunter Catches the CurveBall

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

Malware Evolves to Present New Threats to Developers

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Top Cybersecurity Accounts to Follow on Twitter

IT threat evolution Q2 2021

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

Ransomware Gangs and the Name Game Distraction

Data Protection in the Digital Transformation Era

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

DEVOPS CHAT PODCAST: $2M DARPA AWARD SPARKS BEHAVIOR TESTING WITH FORALLSECURE'S MAYHEM SOLUTION

3 security lessons from an MSP that survived the Kaseya VSA attack

Raising a Cyber-Savvy Village: Remote Learning Security in the Age of COVID-19

Black Kingdom ransomware

Q&A on 90 Day Certificates. You asked – Sectigo Responds!

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

Is Cloud Storage Safe From Ransomware?

A guide to OWASP’s secure coding

The Hacker Mind Podcast: Ethical Hacking

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

On the Twitter Hack

Stay Connected