eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Also read: Top Endpoint Detection and Response (EDR) Solutions for 2021. — Eva (@evacide) October 4, 2021. Read more: Top IT Asset Management Tools for Security.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. In 2021, that hostname appeared in SMTP messages reported as a “romance scam” in a popular romance and dating scam tracking forum.

Scams 119

Scams Ransomware System Administration Malware 119

Security Affairs

FEBRUARY 5, 2021

4 XSS in FortiWeb (CVE-2021-22122), found by Andrey Medov, have been patched. cmdb_edit_path=");alert('xss');// Advisory: [link] pic.twitter.com/jCOILHKWc4 — PT SWARM (@ptswarm) February 4, 2021. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Firewall 112

Firewall System Administration Technology Hacking 112

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency 105

Cryptocurrency Malware Advertising System Administration 105

Security Affairs

APRIL 26, 2021

The authorities started pushing out a 32-bit payload named “ EmotetLoader.dll ” to clean up the infected systems, the process was set to trigger itself automatically on April 25, 2021 as confirmed by researchers at Malwarebytes. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Malware 97

Malware Banking System Administration Hacking 97

Malwarebytes

JULY 23, 2021

Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group using Phoenix CryptoLocker ransomware, issued a legal notice of an information security incident to the Consumer Protection Bureau in New Hampshire. CNA’s network was compromised in March 2021.

Ransomware 96

Ransomware Unstructured Data Accountability Consumer Protection 96

Security Affairs

MAY 5, 2021

Researchers from Tenable have disclosed a critical authentication bypass vulnerability in HPE Edgeline Infrastructure Manager (EIM), tracked as CVE-2021-29203 , that could be exploited by attackers to compromise a customer’s cloud infrastructure. EIM is the company’s two-year-old edge computing-management suite. or later to fix the bug.

Authentication 89

Authentication Passwords Accountability System Administration 89

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021.

Malware 211

Malware VPN Internet Internet 211

Security Affairs

JUNE 8, 2022

Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ]. Protect these accounts with strict network policies [ D3-UAP ].

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

SC Magazine

JUNE 29, 2021

The HHS Office of Information Security is tasked with managing department-wide cybersecurity, for which the agency has established policies and procedures that clearly outline roles and responsibilities within the agency for documenting and implementing its cybersecurity program.

Healthcare 68

Healthcare Cybersecurity CISO Cyber threats 68

Security Affairs

MARCH 14, 2023

The tool is basically a search engine for local and network shared files inside a Windows environment: unlike the default Windows search, it is designed to locate files and folders by filename instantly, speeding up system information discovery. Its name is YDArk and it is an open-source tool available even on GitHub ( link ).

Ransomware 81

Ransomware Software System Administration Encryption 81

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware 82

Malware Social Engineering Encryption Marketing 82

Kali Linux

MARCH 28, 2023

In information security (infosec) there is the need to be on the latest version. Being a system administrator, a patch could contain a security update to stop a vulnerability. One of the reasons it was so well received was because of the updated versions of most packages.

InfoSec 52

InfoSec Penetration Testing Architecture Software 52