Accountability, Authentication and System Administration

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA.

Authentication

Authentication VPN System Administration Engineering

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. The authentication bypass flaw affects HPE Edgeline Infrastructure Manager (EIM) version 1.21. ” reads the security advisory published. Rated critical, with a CVSS score of 9.8,

Authentication

Authentication Passwords Accountability System Administration

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

Related: How ‘PAM’ improves authentication. These hacking waves contribute to the harvesting of account credentials and unauthorized access to loosely-configured servers; and these ill-gotten assets can, in turn, be utilized to execute different stages of higher-level hacks, such as account takeovers and ransomware campaigns.

Accountability

Accountability Passwords Hacking Cyber Risk

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Duo's Security Blog

APRIL 6, 2022

One common hurdle for systems administrators setting up new Duo Unix integrations is PAM — Pluggable Authentication Modules. We hope that the guidance below, combined with our extensive documentation , will help those setting up new integrations get their systems configured quickly and easily. What is PAM? Other Flags.

Authentication

Authentication Passwords Backups System Administration

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

A JSON Web Token (JWT) is a sort of session token that represents a user’s valid authenticated session on a website. The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. System Admins can access all the tabs.”

System Administration

System Administration Accountability Passwords Hacking

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Read our guide on privilege escalation attacks next to learn about the detection and prevention strategies for your privileged accounts and data.

Risk

Risk Authentication System Administration Ransomware

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

This brute force capability poses a significant threat to systems protected by weak or commonly used passwords. It underscores the necessity for robust password policies and advanced security measures like Multi-Factor Authentication (MFA) and encryption methods resilient against GPU-powered attacks.

Cybersecurity

Cybersecurity Passwords VPN Authentication

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Hot for Security

FEBRUARY 10, 2021

. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”. The notice further warns about the use of Windows 7, which Microsoft stopped supporting in January of last year.

Hacking

Hacking Social Engineering System Administration Passwords

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

APRIL 6, 2021

Côté outlined how and why many SMBs are in a position to materially improve their security posture – by going back to a few security basics, in particular by paying closer attention to privileged account management , or PAM. Some context: privileged accounts first arose 20 years ago as our modern business networks took shape.

Accountability

Accountability Passwords Digital transformation Authentication

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week.

VPN

VPN Accountability Authentication Passwords

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model. An XSS attack against the application’s clients can be used for obtaining user authentication information, such as cookies, phishing or spreading malware.

Passwords

Passwords Authentication Architecture Risk

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Duo's Security Blog

NOVEMBER 27, 2023

We also recognize that defenders and system administrators operate with a lot of constraints and aren’t always able to configure their environment to their ideal security posture. Be especially aware of the owner role, which is a super-admin role: it can grant admin privileges to other accounts.

Authentication

Authentication Social Engineering Risk Accountability

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

JULY 29, 2021

The attack could force remote Windows systems to reveal password hashes that could then be easily cracked. Microsoft quickly sent out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack. The authentication process does not require the plaintext password.

Authentication

Authentication Passwords Encryption System Administration

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. “This is worse because the CVE calls for an authenticated user,” Holden said. “This was not.”

Software

Software Ransomware System Administration Authentication

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. com sometime around Dec.

Phishing

Phishing Passwords Accountability Authentication

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Various businesses and organizations rely on these systems. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.

Authentication

Authentication System Administration Firmware Passwords

SCCM Hierarchy Takeover with High Availability

Security Boulevard

FEBRUARY 21, 2024

Abusable Requirements The first issue that raises an eyebrow is the requirement that the machine account for the passive site server must be a member of the LOCAL ADMINISTRATORS group on the active site server. Figure 2: Site Installation Account Next, we’ll shift focus to the site database role.

Authentication

Authentication Accountability System Administration Software

US CISA and NSA publish guidance to secure Kubernetes deployments

Security Affairs

AUGUST 4, 2021

It guides system administrators and developers of National Security Systems on how to deploy Kubernetes with example configurations for the recommended hardening measures and mitigations. Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.

System Administration

System Administration Architecture Firewall Risk

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.” Windows 10).

Passwords

Passwords Social Engineering Software System Administration

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May.

VPN

VPN Authentication Mobile Firewall

API Security for the Modern Enterprise

IT Security Guru

SEPTEMBER 7, 2022

Or, if you’re using an external API for authentication, then your authentication token could be stolen by an attacker who has gained access to the server hosting that external service via some other means such as social engineering or brute force attacks on their account credentials (e.g., password guessing).

DDOS

DDOS Authentication Architecture Social Engineering

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

PKI is the authentication and encryption framework on which the Internet is built. It works by issuing digital certificates to verify the authenticity of the servers ingesting the data trickling in from our smartphones, Internet of Things sensors and the like. And threat actors have become adept at account takeovers.

Encryption

Encryption Artificial Intelligence IoT Data collection

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Malwarebytes

JUNE 24, 2022

It allows system administrators and power users to perform administrative tasks via a command line—an area where Windows previously lagged behind its Unix-like rivals with their proliferation of *sh shells. Multiple authentication methods in PowerShell permit use on non-Windows devices.

Cybersecurity

Cybersecurity Malware Firewall System Administration

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May.

VPN

VPN Authentication Mobile Firewall

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

They then were able to trick some 18,000 companies into deploying an authentically-signed Orion update carrying a heavily-obfuscated backdoor. Its function is to record events in a log for a system administrator to review and act upon. “One It’s encouraging that the technology to do that is available. Acohido.

Software

Software Internet Internet System Administration

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind, and use multifactor authentication. 7 SP1, 8, 8.1) How to Use the CISA Catalog.

Ransomware

Ransomware Encryption Backups Accountability

The Implications of the Uber Breach

Security Boulevard

SEPTEMBER 17, 2022

These types of "unauthorized access" attacks account for 50% of all data breaches and can cost companies as much as $9.5M Zero trust is built on the principle that no person or device inside or outside of an organization's network should be granted access to connect to systems until authenticated and continuously verified.

Social Engineering

Social Engineering Education Technology Artificial Intelligence

Make It Your Own: Brand Customization With Our Universal Prompt

Duo's Security Blog

NOVEMBER 16, 2020

The project touches many aspects of Duo, but focuses on drastically improving Duo’s web-based authentication interface. A consistent request we’ve heard from customers is, ‘we want more flexibility around customizing the authentication prompt. The interface, or prompt, is a core component in delivering our secure access solution.

Authentication

Authentication System Administration Mobile Phishing

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

Between January and August 2020, unidentified actors used aggregation software to link actor-controlled accounts to client accounts belonging to the same institution, resulting in more than $3.5 Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking

Banking Passwords Accountability DDOS

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. Disabling root account remote login - This prevents users from logging in as the root (super user) account.

Risk

Risk Authentication Passwords Accountability

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. Cybercriminals may also perform some destructive actions aimed at data or systems.

Accountability

Accountability Passwords Authentication Social Engineering

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year.

Passwords

Passwords System Administration Advertising DNS

Duo Has Been Recognized as a Customers’ Choice for Access Management in Gartner® Peer Insights™ Two Years in a Row!

Duo's Security Blog

MAY 6, 2022

Reviews go through a strict validation and moderation process in an effort to ensure they are authentic. The icing on the cake was how easy it was to onboard all our new users seamlessly and naturally without any friction.” – Security Account Executive , Media and Publishing Industry “We love how simple this is to use for our customers.

Marketing

Marketing System Administration Media Authentication

Ransomware: Why do backups fail when you need them most?

Malwarebytes

OCTOBER 22, 2021

So why do we keep hearing things like this: We’re also feeling relatively confident, we have a very good backup system … and then we find out at about four or five hours after the [ransomware] attack that our backup system is completely gone. Ski Kacoroski, System administrator, Northshore School District.

Backups

Backups Ransomware System Administration DNS

Vulnerability Management and the Road Less Traveled

NopSec

OCTOBER 19, 2015

A NULL session attack is something that system administrators often neglect to consider when hardening networks. This can lead to disastrous results as enumeration of a null session can divulge just about every bit of useful information an attacker needs to remotely gain access to a system.

Firewall

Firewall VPN Passwords System Administration

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN

VPN Accountability Risk System Administration

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. Denial-of-Suez attack.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

How to Perform a Vulnerability Scan in 10 Steps

eSecurity Planet

JULY 20, 2023

This thorough scan with a comprehensive configuration helps in the identification of the software and services operating on the systems, which is critical for successful CVE scanning. Performing a complete scan with authentication, which entails giving valid login credentials, may increase the number of CVE findings identified.

Authentication

Authentication Penetration Testing Risk Software

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Facebook’s Two-Factor Authentication phone numbers exposed: After prompting users to provide phone numbers to secure their accounts, Facebook allows anyone to look up their account by using them. Denying anything happened gives system administrators more time to identify and patch newly discovered vulnerabilities.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Alarmingly, this API lacks any form of authentication, allowing virtually anyone, even a malicious website you might visit, to send commands to the CLI. They can be remotely exploited without authentication, potentially enabling remote code execution, service disruptions, and arbitrary operations on the routers. via port 8076.

VPN

VPN Firmware Authentication Phishing

Linux Patch Management: Tools, Issues & Best Practices

eSecurity Planet

JUNE 21, 2023

By concentrating on crucial patches that fix serious flaws or have a significant influence on system stability, system administrators may make sure that resources are used effectively and that possible disruptions are kept to a minimum. Professional plans start from $245/year up to $24,295/year.

Software

Software Backups Risk System Administration

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. What is Privileged Access Management (PAM)?

Software

Software Accountability Government Passwords

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Trending Sources

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Researcher compromised the Toyota Supplier Management Network

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

China-linked threat actors have breached telcos and network service providers

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Top 10 web application vulnerabilities in 2021–2023

Arachnophobic: How Duo Customers Can Respond to CISA’s Report on Scattered Spider

Microsoft provides more mitigation instructions for the PetitPotam attack

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

StealthWorker botnet targets Synology NAS devices to drop ransomware

Tricky Phish Angles for Persistence, Not Passwords

A bug is about to confuse a lot of computers by turning back time 20 years

SCCM Hierarchy Takeover with High Availability

US CISA and NSA publish guidance to secure Kubernetes deployments

FBI’s alert warns about using Windows 7 and TeamViewer

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

API Security for the Modern Enterprise

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

The Implications of the Uber Breach

Make It Your Own: Brand Customization With Our Universal Prompt

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Most Common SSH Vulnerabilities & How to Avoid Them

Privileged account management challenges: comparing PIM, PUM and PAM

Backdoored Webmin versions were available for download for over a year

Duo Has Been Recognized as a Customers’ Choice for Access Management in Gartner® Peer Insights™ Two Years in a Row!

Ransomware: Why do backups fail when you need them most?

Vulnerability Management and the Road Less Traveled

Vulnerability Management in the time of a Pandemic

Top Cybersecurity Accounts to Follow on Twitter

How to Perform a Vulnerability Scan in 10 Steps

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Linux Patch Management: Tools, Issues & Best Practices

Best Privileged Access Management (PAM) Software for 2022

Stay Connected