Accountability, Information Security and System Administration

Yandex sysadmin caught selling access to email accounts

Malwarebytes

FEBRUARY 17, 2021

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team.

Accountability

Accountability Social Engineering System Administration Engineering

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. This joint CSA updates the advisory published by the US Government on March 17, 2022.

Ransomware

Ransomware System Administration Antivirus Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. made it easy to find accounts that had elevated access to the system. That gave me access to the User Administration section.

System Administration

System Administration Accountability Passwords Hacking

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

System Administration

System Administration Firmware Government Hacking

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. To prevent the threat from spreading within the network, the City shut down the impacted IT systems. ” reads the report.

Ransomware

Ransomware Surveillance Healthcare Accountability

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.” The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over.

System Administration

System Administration Hacking Cyber threats Accountability

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software

Software System Administration Advertising Accountability

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets.

System Administration

System Administration Malware Accountability Marketing

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”

Passwords

Passwords Social Engineering Software System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

According to Tenable, the remote authentication-bypass vulnerability is tied to an issue related to how HPE handles password resets for administrator accounts. However, after the password change, an unauthenticated remote attacker can use the same URL to reset the password for the Administrator account,” Tenable wrote.

Authentication

Authentication Passwords Accountability System Administration

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group using Phoenix CryptoLocker ransomware, issued a legal notice of an information security incident to the Consumer Protection Bureau in New Hampshire.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

Additionally, the APT group also impersonates operators or administrators of popular web portals claiming that a victim’s account has been locked following suspicious activity or fraudulent use. The advisory includes potential mitigation measures for email recipients and recipients’ systems administrators.

Social Engineering

Social Engineering Phishing System Administration Engineering

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function. Below is an example command to identify a hooked ipcl_get_next_conn function: root@solaris:~# echo ‘ipcl_get_next_conn::dis -n 0 ; ::quit’ | mdb -k. .”

Banking

Banking Telecommunications System Administration Hacking

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST. One-Time Passwords and authentication against various resources, such as accounts or file systems, were some of the mechanisms we found to be vulnerable.

Passwords

Passwords Authentication Architecture Risk

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Firewall

Firewall System Administration Technology Hacking

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. Cybercriminals may also perform some destructive actions aimed at data or systems.

Accountability

Accountability Passwords Authentication Social Engineering

Topic-specific policy 2/11: physical and environmental security

Notice Bored

OCTOBER 12, 2021

but are they 'information security controls'? If you determine that a policy in this area would be worthwhile for your organisation, but don't presently have one, the SecAware "physical information security" policy template is a starting point. I would argue yes for some, perhaps most of them.

Manufacturing

Manufacturing Risk System Administration Information Security

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

The website is a clone of the website of Convergent Network Solutions Ltd , Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang.

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

.” According to the indictment, the criminal duo used the stolen banking credentials to make unauthorized transfers from the victims’ bank accounts to bank accounts owned by “money mules.” Then the criminals moved the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash. .

Banking

Banking Malware Cybercrime Accountability

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. Denial-of-Suez attack.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year.

Passwords

Passwords System Administration Advertising DNS

SPOTLIGHT: Women in Cybersecurity

McAfee

NOVEMBER 3, 2020

Please join McAfee, AWS, and our customers to discuss the impact women are having on information security in the cloud. These remarkable women represent multiple roles in cloud and security, from technical leadership through executive management. Chief Information Security Officer. Can’t make it? Collins Aerospace.

Cybersecurity

Cybersecurity Architecture Cloud Migration Retail

More ‘actionable’ intel needed from HHS to support health IT security

SC Magazine

JUNE 29, 2021

But the Government Accountability Office found areas where HHS could better coordinate its efforts to support department information sharing and overall health IT security. The elements are required by the Federal Information Security Modernization Act of 2014.

Healthcare

Healthcare Cybersecurity CISO Cyber threats

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Cyber threat management , being an advanced discipline, craves analytical attention and a commander’s strategic skills of information security executives to confront and overcome the multi-dimensional cyber threats.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account.

System Administration

System Administration Accountability Advertising Authentication

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

The PerSwaysion campaign proliferates with alarming rates by leveraging compromised accounts’ email data to select further targets who hold important roles in their companies and share business relations with the victims. Group-IB continues to work with the relevant parties in local countries to inform the affected companies of the breach.

Phishing

Phishing Accountability Financial Services Cloud Migration

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines.

Malware

Malware Social Engineering Encryption Marketing

Behavior vs. Execution Modality

Security Boulevard

MAY 21, 2024

On Detection: Tactical to Functional Part 12 Introduction At Shmoocon 2015, Will Schroeder (Harmj0y) gave a talk titled “ I Hunt Sys Admins ,” describing how attackers can hunt (or find the location of) system administrators throughout the network. As described in his talk, account takeover is not limited to Mimikatz.

Computers and Electronics

Computers and Electronics Engineering Accountability System Administration

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. The teens also took over Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services (NYDFS). How did the Twitter account takeover attack work?

Social Engineering

Social Engineering Media Scams Financial Services

Cyber Security Informer

Yandex sysadmin caught selling access to email accounts

Yandex security team caught admin selling access to users’ inboxes

Webinars

Trending Sources

FBI and CISA published a new advisory on AvosLocker ransomware

Webinars

Researcher compromised the Toyota Supplier Management Network

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Hackers are targeting Soliton FileZen file-sharing servers

StealthWorker botnet targets Synology NAS devices to drop ransomware

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Microsoft to notify Office 365 users of nation-state attacks

Cisco fixes a static default credential issue in Smart Software Manager tool

Administrators of bulletproof hosting sentenced to prison in the US

FBI’s alert warns about using Windows 7 and TeamViewer

China-linked threat actors have breached telcos and network service providers

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Kimsuky APT poses as journalists and broadcast writers in its attacks

Caketap, a new Unix rootkit used to siphon ATM banking data

Top 10 web application vulnerabilities in 2021–2023

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Privileged account management challenges: comparing PIM, PUM and PAM

Topic-specific policy 2/11: physical and environmental security

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

US authorities charged Dridex gang members for stealing over $100 Million

Top Cybersecurity Accounts to Follow on Twitter

Backdoored Webmin versions were available for download for over a year

SPOTLIGHT: Women in Cybersecurity

More ‘actionable’ intel needed from HHS to support health IT security

Roboto, a new P2P botnet targets Linux Webmin servers

Cyber Security Awareness and Risk Management

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Updates from the MaaS: new threats delivered through NullMixer

Behavior vs. Execution Modality

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

Stay Connected