Accountability, Passwords and System Administration

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing

Phishing Passwords Accountability Authentication

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

These hacking waves contribute to the harvesting of account credentials and unauthorized access to loosely-configured servers; and these ill-gotten assets can, in turn, be utilized to execute different stages of higher-level hacks, such as account takeovers and ransomware campaigns. Password concierge.

Accountability

Accountability Passwords Hacking Cyber Risk

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

A brute force attack is a cyber attack where the attacker attempts to gain unauthorized access to a system or data by systematically trying every possible combination of passwords or keys. There are many already leaked password lists that are commonly used, and they grow after every breach. What is a Brute Force Attack?

Cybersecurity

Cybersecurity Passwords VPN Authentication

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

A user can usually get a JWT after logging into a website using his email and password The analysis of the GSPIMS app allowed the researcher to discover a function named “GenerataJWT” that allows to generate a JWT based on a provided valid email address without providing any password. System Admins can access all the tabs.”

System Administration

System Administration Accountability Passwords Hacking

Years of Research Reveals Holy Grail of Password Strength

SecureWorld News

NOVEMBER 5, 2020

When it comes to passwords, where is the holy grail that will miraculously maximize security and usability at the same time? Password best practices: 10 years of research. Password best practices: 10 years of research. And during the decade of research, it wasn't just passwords that changed; it was the people, too. "We

Passwords

Passwords System Administration Accountability

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

APRIL 6, 2021

Côté outlined how and why many SMBs are in a position to materially improve their security posture – by going back to a few security basics, in particular by paying closer attention to privileged account management , or PAM. Some context: privileged accounts first arose 20 years ago as our modern business networks took shape.

Accountability

Accountability Passwords Digital transformation Authentication

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Hot for Security

FEBRUARY 10, 2021

The FBI alert, obtained by ZDNet , draws attention to out-of-date Windows 7 systems, poor passwords, and desktop sharing software TeamViewer. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”. .

Hacking

Hacking Social Engineering System Administration Passwords

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Distribution of Sensitive Data Exposure vulnerabilities by risk level, 2021–2023 ( download ) Among the sensitive data we identified during our analysis were plaintext one-time passwords and credentials, full paths to web application publish directories and other internal information that could be used to understand the application architecture.

Passwords

Passwords Authentication Architecture Risk

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”

Passwords

Passwords Social Engineering Software System Administration

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). 3 was Lublin, Poland.

Ransomware

Ransomware Cybercrime System Administration Passwords

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

According to Tenable, the remote authentication-bypass vulnerability is tied to an issue related to how HPE handles password resets for administrator accounts. The password change is carried out by sending a request to URL /redfish/v1/SessionService/ResetPassword/1.

Authentication

Authentication Passwords Accountability System Administration

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN

VPN Accountability Authentication Passwords

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software

Software System Administration Advertising Accountability

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. was also used to register an account at the online game stalker[.]so ru account is connected to the Telegram account “ Perchatka ,” (“glove” in Russian). ru account and posted as him.

Ransomware

Ransomware Accountability Cybercrime Backups

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

JULY 29, 2021

The attack could force remote Windows systems to reveal password hashes that could then be easily cracked. Microsoft quickly sent out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack. The authentication process does not require the plaintext password.

Authentication

Authentication Passwords Encryption System Administration

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. ” Michael Sanders , executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report.

Software

Software Ransomware System Administration Authentication

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

Between January and August 2020, unidentified actors used aggregation software to link actor-controlled accounts to client accounts belonging to the same institution, resulting in more than $3.5 Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking

Banking Passwords Accountability DDOS

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA. Compare this to climbing the hill of Windows Logon, VPN logon, and web application logon - all with username, password, and Duo prompt - just to get to work in the morning.

Authentication

Authentication VPN System Administration Engineering

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Turns out it was possible for a threat actor to flood GLIBC with data , take control of it, and then use it as a launch point for stealing passwords, spying on users and attempting to usurp control of other computers. Privilege account credentials are widely available for sale. This is where PowerShell comes back into play.

Hacking

Hacking Energy and Utilities System Administration Accountability

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Read our guide on privilege escalation attacks next to learn about the detection and prevention strategies for your privileged accounts and data.

Risk

Risk Authentication System Administration Ransomware

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

Cybercrime

Cybercrime System Administration Marketing Malware

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year.

Passwords

Passwords System Administration Advertising DNS

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Type enable and the corresponding system password initially set during system installation to enter EXEC PRIVILEGED mode. The command line prompt will be changed from > to #.

VPN

VPN Authentication Mobile Firewall

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

Attackers often use privilege escalation exploits to increase their access rights, or tools like Mimikatz that can extract passwords from a computer’s memory. Instead, they used “additional malicious activity” to get credentials they need to move forward.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

The Implications of the Uber Breach

Security Boulevard

SEPTEMBER 17, 2022

These types of "unauthorized access" attacks account for 50% of all data breaches and can cost companies as much as $9.5M Companies need to leverage artificial intelligence (AI) to combat account takeovers and tackle fraud at the front door and subsequently throughout their networks. dollars to remediate per incident.

Social Engineering

Social Engineering Education Technology Artificial Intelligence

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. Type enable and the corresponding system password initially set during system installation to enter EXEC PRIVILEGED mode. The command line prompt will be changed from > to #.

VPN

VPN Authentication Mobile Firewall

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Various businesses and organizations rely on these systems. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.

Authentication

Authentication System Administration Firmware Passwords

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. Attackers may use the following methods to obtain administrator privileges: Compromised passwords.

Accountability

Accountability Passwords Authentication Social Engineering

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

Also, remember how users can use keys rather than a password to login? So, imagine Susan is a system admin and she has access to several servers. She used SSH keygen to generate keys and she now can login to the systems via Secure Shell. These algorithms change and as they age, they become more vulnerable.

Risk

Risk Authentication Passwords Accountability

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

SecureList

OCTOBER 13, 2022

In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). Performing disinfection on Zimbra is extremely difficult, as the attacker will have had access to configuration files containing passwords used by various service accounts.

System Administration

System Administration Malware Passwords Internet

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Duo's Security Blog

APRIL 6, 2022

One common hurdle for systems administrators setting up new Duo Unix integrations is PAM — Pluggable Authentication Modules. We hope that the guidance below, combined with our extensive documentation , will help those setting up new integrations get their systems configured quickly and easily. Other Flags.

Authentication

Authentication Passwords Backups System Administration

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. Update and patch operating systems, software, and firmware as soon as updates and patches are released. BlackByte Ransomware Protection Steps.

Ransomware

Ransomware Encryption Backups Accountability

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” ” reads the post published by Microsoft. ” continues Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

API Security for the Modern Enterprise

IT Security Guru

SEPTEMBER 7, 2022

Or, if you’re using an external API for authentication, then your authentication token could be stolen by an attacker who has gained access to the server hosting that external service via some other means such as social engineering or brute force attacks on their account credentials (e.g., password guessing). API Security Tools.

DDOS

DDOS Authentication Architecture Social Engineering

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

According to an investigation conducted by Secureworks hackers were also able to access the hackers were also able to compromise the mail servers to obtain access to admin accounts. Hackers could read, send or delete emails from any user. “ reports Radio-Canada.

Hacking

Hacking Advertising System Administration Media

SCCM Hierarchy Takeover with High Availability

Security Boulevard

FEBRUARY 21, 2024

Abusable Requirements The first issue that raises an eyebrow is the requirement that the machine account for the passive site server must be a member of the LOCAL ADMINISTRATORS group on the active site server. Figure 2: Site Installation Account Next, we’ll shift focus to the site database role. 10.10.100.121:445.

Authentication

Authentication Accountability System Administration Software

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. Enable 2FA and get a password manager.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

Are all Microsoft(MS) Remote Desktop connections to the outside world accounted for and adequately protected? Are all the OWA – Outlook Web Access – installations accounted for and adequately protected? Are all file sharing accounts accounted for and adequately protected? Are all CMS websites accounted for?

VPN

VPN Accountability Risk System Administration

Vulnerability Management and the Road Less Traveled

NopSec

OCTOBER 19, 2015

A NULL session attack is something that system administrators often neglect to consider when hardening networks. This can lead to disastrous results as enumeration of a null session can divulge just about every bit of useful information an attacker needs to remotely gain access to a system.

Firewall

Firewall VPN Passwords System Administration

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Facebook’s Two-Factor Authentication phone numbers exposed: After prompting users to provide phone numbers to secure their accounts, Facebook allows anyone to look up their account by using them. Denying anything happened gives system administrators more time to identify and patch newly discovered vulnerabilities.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

NOVEMBER 30, 2021

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. What is Privileged Access Management (PAM)? WALLIX Bastion. PAM best practices.

Software

Software Accountability Government Passwords

Tricky Phish Angles for Persistence, Not Passwords

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Trending Sources

Yandex security team caught admin selling access to users’ inboxes

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Researcher compromised the Toyota Supplier Management Network

Years of Research Reveals Holy Grail of Password Strength

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Top 10 web application vulnerabilities in 2021–2023

FBI’s alert warns about using Windows 7 and TeamViewer

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

China-linked threat actors have breached telcos and network service providers

Cisco fixes a static default credential issue in Smart Software Manager tool

A Closer Look at the Snatch Data Ransom Group

Microsoft provides more mitigation instructions for the PetitPotam attack

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Career Choice Tip: Cybercrime is Mostly Boring

Backdoored Webmin versions were available for download for over a year

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

The Implications of the Uber Breach

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

A bug is about to confuse a lot of computers by turning back time 20 years

Privileged account management challenges: comparing PIM, PUM and PAM

Roboto, a new P2P botnet targets Linux Webmin servers

Most Common SSH Vulnerabilities & How to Avoid Them

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

API Security for the Modern Enterprise

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

SCCM Hierarchy Takeover with High Availability

Top Cybersecurity Accounts to Follow on Twitter

Vulnerability Management in the time of a Pandemic

Vulnerability Management and the Road Less Traveled

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Best Privileged Access Management (PAM) Software for 2022

Stay Connected