2021, Accountability, Passwords and System Administration

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Mitigation: do not store files containing sensitive data, such as passwords or backups, in web application publish directories.

Passwords

Passwords Authentication Architecture Risk

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” Michael Sanders , executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report.

Software

Software Ransomware System Administration Authentication

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). 3 was Lublin, Poland.

Ransomware

Ransomware Cybercrime System Administration Passwords

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203 , that could be exploited by attackers to compromise a customer’s cloud infrastructure. EIM is the company’s two-year-old edge computing-management suite. or later to fix the bug.

Authentication

Authentication Passwords Accountability System Administration

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability ( CVE-2021-34527 and CVE-2021-36958 ) to obtain administrator privileges. Inactive Accounts and Default Configurations.

VPN

VPN Accountability Authentication Passwords

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. was also used to register an account at the online game stalker[.]so ru account is connected to the Telegram account “ Perchatka ,” (“glove” in Russian). ru account and posted as him.

Ransomware

Ransomware Accountability Cybercrime Backups

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Unfortunately, in an echo of the Y2K bug, a flaw in some versions of GPSD could cause time to roll back after October 23, 2021. The buggy versions of the code reportedly subtract 1024 from the week number on October 24, 2021. Various businesses and organizations rely on these systems. How bad is it?

Authentication

Authentication System Administration Firmware Passwords

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

CNA’s network was compromised in March 2021. Attackers often use privilege escalation exploits to increase their access rights, or tools like Mimikatz that can extract passwords from a computer’s memory. You can listen to it below, or on Apple Podcasts , Spotify , and Google Podcasts.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Type enable and the corresponding system password initially set during system installation to enter EXEC PRIVILEGED mode. The command line prompt will be changed from > to #.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Type enable and the corresponding system password initially set during system installation to enter EXEC PRIVILEGED mode. The command line prompt will be changed from > to #.

VPN

VPN Authentication Mobile Firewall

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. Update and patch operating systems, software, and firmware as soon as updates and patches are released. BlackByte Ransomware Protection Steps.

Ransomware

Ransomware Encryption Backups Accountability

API Security for the Modern Enterprise

IT Security Guru

SEPTEMBER 7, 2022

Per a recent report from Q4 2020 to Q4 2021 , the average number of APIs per company increased by 221% in 12 months and that API attack traffic grew by 681% while overall API traffic grew by 321%. password guessing). Microservices Architecture has Created a Security Blind Spot. API Security Tools.

DDOS

DDOS Authentication Architecture Social Engineering

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. — Eva (@evacide) October 4, 2021.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

SCCM Hierarchy Takeover with High Availability

Security Boulevard

FEBRUARY 21, 2024

Abusable Requirements The first issue that raises an eyebrow is the requirement that the machine account for the passive site server must be a member of the LOCAL ADMINISTRATORS group on the active site server. Figure 2: Site Installation Account Next, we’ll shift focus to the site database role. 10.10.100.121:445.

Authentication

Authentication Accountability System Administration Software

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. While Verizon even admits in the 2021 DBIR that they’re not entirely sure why email is still such a big thing, but it does serve its purposes.

Phishing

Phishing Accountability Social Engineering Mobile

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

As remote desktop solutions are prevalent among IT and managed service providers (MSP), downstream clients can be at risk, as Kaseya experienced in 2021. In November 2021, an unauthorized third party called a Robinhood customer support employee and, through social engineering , gained access to the company’s customer support systems.

VPN

VPN Software Authentication Encryption

A guide to OWASP’s secure coding

CyberSecurity Insiders

SEPTEMBER 21, 2021

If any potentially hazardous characters must be allowed as input, be sure that you implement additional controls like output encoding, secure task specific APIs, and accounting to use that data throughout the application. Authentication and password management. Implement password hashing on a trusted system.

Authentication

Authentication Passwords Software Accountability

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

The obvious advice here is to review the Pulse advisories for these vulnerabilities and follow the recommended guidance, which includes changing all passwords in the environments that are impacted. The new vulnerability (CVE-2021-22893) is a Remote Code Execution (RCE) vulnerability with a CVSS score of 10—the maximum—and a Critical rating.

VPN

VPN Authentication Malware System Administration

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. VSA server breached. Managing supply chain risk.

Ransomware

Ransomware B2B Software System Administration

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

Check: that Republican audit of Maricopa

Security Boulevard

SEPTEMBER 24, 2021

Later today (Friday, September 24, 2021), Republican auditors release their final report on the found with elections in Maricopa county. Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”. Author: Robert Graham (@erratarob).

Software

Software Computers and Electronics Accountability Firewall

Check: that Republican audit of Maricopa

Errata Security

SEPTEMBER 24, 2021

Author: Robert Graham (@erratarob) Later today (Friday, September 24, 2021), Republican auditors release their final report on the found with elections in Maricopa county. Dominion simply uses “role based security” instead of normal user accounts. The auditors claim account passwords must “be changed every 90 days”.

Software

Software Computers and Electronics Accountability Firewall

Cyber Security Informer

Top 10 web application vulnerabilities in 2021–2023

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Trending Sources

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

China-linked threat actors have breached telcos and network service providers

A Closer Look at the Snatch Data Ransom Group

A bug is about to confuse a lot of computers by turning back time 20 years

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

API Security for the Modern Enterprise

Top Cybersecurity Accounts to Follow on Twitter

SCCM Hierarchy Takeover with High Availability

The Phight Against Phishing

Addressing Remote Desktop Attacks and Security

A guide to OWASP’s secure coding

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Kaseya Breach Underscores Vulnerability of IT Management Tools

Updates from the MaaS: new threats delivered through NullMixer

Check: that Republican audit of Maricopa

Check: that Republican audit of Maricopa

Stay Connected