Security Affairs

JUNE 2, 2020

Researchers disclosed a flaw in VMware Cloud Director platform, tracked as CVE-2020-3956 , that could be abused to takeover corporate servers. Modify the login page to Cloud Director, which allows the attacker to capture passwords of another customer in plaintext, including System Administrator accounts.

System Administration 84

System Administration Accountability Advertising Authentication 84

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware 126

Ransomware System Administration Malware Authentication 126

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 92

Telecommunications Authentication Passwords Accountability 92

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”

Passwords 135

Passwords Social Engineering Software System Administration 135

SecureWorld News

SEPTEMBER 15, 2020

Between January and August 2020, unidentified actors used aggregation software to link actor-controlled accounts to client accounts belonging to the same institution, resulting in more than $3.5 Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking 56

Banking Passwords Accountability DDOS 56

SecureWorld News

OCTOBER 15, 2020

A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. The teens also took over Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services (NYDFS). How did the Twitter account takeover attack work?

Social Engineering 95

Social Engineering Media Scams Financial Services 95

Security Affairs

JUNE 3, 2023

At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure. Additionally, the APT group also impersonates operators or administrators of popular web portals claiming that a victim’s account has been locked following suspicious activity or fraudulent use.

Social Engineering 84

Social Engineering Phishing System Administration Engineering 84

Malwarebytes

APRIL 21, 2021

Most of the problems discovered by Pulse Secure and Mandiant involve three vulnerabilities that were patched in 2019 and 2020. CVE-2020-8243 a vulnerability in the Pulse Connect Secure < 9.1R8.2 The identified threat actors were found to be harvesting account credentials. The old vulnerabilities.

VPN 73

VPN Authentication Malware System Administration 73

IT Security Guru

APRIL 12, 2022

The attackers target the legacy and insecure IMAP protocol to bypass MFA settings and compromise cloud-based accounts providing access to SaaS apps. The use of legacy protocols such as POP or IMAP, make it difficult for system administrators to set up and activate MFA. Attackers target Citrix with insecure legacy protocols.

CISO 102

CISO Passwords Marketing System Administration 102

eSecurity Planet

MAY 27, 2024

This affected system administrators worldwide. The fix: Administrators should download and install the KB5039705 OOB update via Windows Update, WSUS, or the Microsoft Update Catalog. The problem: CVE-2020-17519 , a four-year-old vulnerability that affects Apache Flink versions 1.11.0

Backups 64

Backups Authentication DDOS Engineering 64

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. All the attacker needs to do, he says, is to take over the account of a legitimate user to attain deep access to a lot of sensitive information stored in the cloud. And threat actors have become adept at account takeovers.

Encryption 176

Encryption Artificial Intelligence IoT Data collection 176

eSecurity Planet

FEBRUARY 15, 2022

Update and patch operating systems, software, and firmware as soon as updates and patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Federal organizations will only have until February 24, 2022 to patch this vulnerability. How to Use the CISA Catalog.

Ransomware 126

Ransomware Encryption Backups Accountability 126

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. Disabling root account remote login - This prevents users from logging in as the root (super user) account.

Risk 64

Risk Authentication Passwords Accountability 64

SecureList

OCTOBER 20, 2021

On top of that, due to changes in legislation that limited financial institutions in hiring external services, the number of cases we investigated for financial industry clients in 2020 was zero. We investigated 200 cases for clients in Russia in 2020, and already over 300 in the first nine months of 2021.

Cybercrime 140

Cybercrime Banking Malware Ransomware 140

IT Security Guru

SEPTEMBER 7, 2022

Per a recent report from Q4 2020 to Q4 2021 , the average number of APIs per company increased by 221% in 12 months and that API attack traffic grew by 681% while overall API traffic grew by 321%. Microservices Architecture has Created a Security Blind Spot. password guessing). API Security Tools.

DDOS 114

DDOS Authentication Architecture Social Engineering 114

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN 40

VPN Accountability Risk System Administration 40

eSecurity Planet

JULY 6, 2021

After a series of highly publicized ransomware attacks this spring, the Kaseya attack most resembles the compromise of SolarWinds in late 2020. Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack.

Ransomware 119

Ransomware B2B Software System Administration 119

eSecurity Planet

MARCH 25, 2022

Like in the case of SolarWinds in 2020, masked threat actors aren’t afraid to linger for months during reconnaissance. A few days later, IT systems started malfunctioning with ransom messages following. The system administrator did not configure standard security controls when installing the server in question.

VPN 117

VPN Software Authentication Encryption 117

CyberSecurity Insiders

SEPTEMBER 21, 2021

If any potentially hazardous characters must be allowed as input, be sure that you implement additional controls like output encoding, secure task specific APIs, and accounting to use that data throughout the application. Implement password hashing on a trusted system. Hackers can use these credentials to get access to all accounts.

Authentication 79

Authentication Passwords Software Accountability 79

Security Boulevard

SEPTEMBER 24, 2021

Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”. Ideally, accounts wouldn’t be created until they were needed. In practice, system administrators aren’t available (again, it’s an airgapped system, so no remote administration).

Software 110

Software Computers and Electronics Accountability Firewall 110

Errata Security

SEPTEMBER 24, 2021

Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”. Ideally, accounts wouldn’t be created until they were needed. In practice, system administrators aren’t available (again, it’s an airgapped system, so no remote administration).

Software 109

Software Computers and Electronics Accountability Firewall 109

SecureList

JUNE 17, 2021

Black Kingdom is not a new player: it was observed in action following other vulnerability exploitations in 2020, such as CVE-2019-11510. Transactions made to a Bitcoin account. Product affected. CVE-2019-11510. Pulse Secure. March 2021. CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. Microsoft Exchange Server.

Ransomware 133

Ransomware Encryption VPN System Administration 133

McAfee

NOVEMBER 3, 2020

Thursday, November 5, 2020. In this role, Diane is accountable for the security of the retail stores, cyber-security, infrastructure, security/network engineering, data protection, third-party risk assessments, Directory Services, SOX & PCI compliance, application security, security awareness and Identity Management. Live Panel.

Cybersecurity 93

Cybersecurity Architecture Cloud Migration Retail 93

Security Boulevard

JUNE 20, 2022

On December 15, 2020, Microsoft published their new revised version of Securing Privileged Access on Microsoft docs, including the Enterprise Access Model, which encompasses both on-prem, Operational Technology (OT), Azure, and other cloud providers. They recommend tiered administration with dedicated admin accounts.

Accountability 52

Accountability Risk Authentication Passwords 52

eSecurity Planet

MAY 19, 2022

This cloud-centric model offers administrators granular network management opportunities while leveraging the bandwidth and reducing the cost of service delivery. Experienced administrators understand the importance of inspecting all network traffic. Traditional Networks vs Software-Define Networks (SDN). Inspecting Web Traffic.

Firewall 56

Firewall Architecture Software Backups 56

Digital Shadows

AUGUST 17, 2021

Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture. The targeted phishing is going after folks in HR using fake but malicious resumes or payroll and accounts receivable teams to move legitimate payment accounts into attacker control.

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Spinone

FEBRUARY 18, 2020

These are words that no system administrator or business leader wants to hear from anyone using a computer on their network. SpinOne still allows the user account access to the environment. In other words, an employee whose user account has been victimized will still have access to his or her G Suite or Office 365 account.

Ransomware 52

Ransomware Encryption Malware Backups 52

SecureList

AUGUST 12, 2021

Black Kingdom first appeared in 2019; in 2020 the group was observed exploiting vulnerabilities (such as CVE-2019-11510) in its attacks. In 2019, Gootkit stopped operating after it experienced a data leak , but has been active again since November 2020. Black Kingdom ransomware. Notify your supervisors as soon as possible.

Ransomware 138

Ransomware Malware Banking Encryption 138

SecureList

OCTOBER 12, 2023

The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. ToddyCat is an advanced APT actor that we described in a previous publication last year.

Encryption 119

Encryption Passwords Malware Firewall 119

ForAllSecure

MAY 26, 2022

And then in 2020 pandemic, you know, DEF CON was all virtual. And, you know, I had the Twitter account ID set up in 2018. I had tweeted this video, it's pinned on our Twitter account hack, not crime. I just handed out stickers, and it kind of just, it started taking off from there, I think.

Hacking 52

Hacking Technology InfoSec Media 52