Advertising and System Administration - Cyber Security Informer

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

” The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.

Advertising

Advertising Cybercrime System Administration Hacking

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

An advertisement for Orcus RAT. The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product.

Malware

Malware Advertising Marketing System Administration

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

JUNE 10, 2022

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee ) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

Government

Government Marketing Internet Internet

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

MAY 25, 2020

The issue could be exploited by supplying a malformed Java object to a specific listener on an vulnerable system. Administrators should update their Unified CCE installs as soon as possible. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

System Administration

System Administration Advertising Software Hacking

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Software

Software System Administration Advertising Accountability

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks.

Ransomware

Ransomware System Administration Antivirus Malware

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

SEPTEMBER 2, 2019

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct , an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. Amobee , the Redwood City, Calif. The CEO of Amobee is Kim Perell , formerly CEO of Adconion.

Media

Media Government Marketing Internet

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Advertising Internet Internet

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

Security Affairs

JUNE 2, 2020

Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator” with access to all cloud accounts (organization) as an attacker can change the hash for this account. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Accountability Advertising Authentication

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

Malwarebytes

JUNE 21, 2022

First, the client establishes a network path to the server and sends a NEGOTIATE_MESSAGE advertising its capabilities. PetitPotam is an example of an NTLM relay attack that prompted Microsoft to send out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack.

System Administration

System Administration Authentication Passwords Advertising

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes NSA. Pierluigi Paganini.

System Administration

System Administration Software Advertising Technology

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Malware Advertising Risk

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. We have observed several different advertiser accounts which were all reported to Google. The lures are utilities commonly used by IT admins such as PuTTY and FileZilla.

System Administration

System Administration DNS Engineering Social Engineering

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Cybercrime Social Engineering Banking

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency System Administration Advertising Hacking

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021. Despite WeSteal is advertised as implementing a “RAT Panel,” experts did not find RAT feature in their analysis. There is the name of the malware itself.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

ru , which at one point advertised the sale of wooden staircases. 2011 said he was a system administrator and C++ coder. “Cryptolockers made a lot of noise in the press, but lazy system administrators don’t make backups after that. Another domain registered to that phone number was stairwell[.]ru

Ransomware

Ransomware Cybercrime Accountability Government

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

System administrators need to upgrade to fixed versions ASAP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Our preliminary CVE-2020-5902 scans have located 1,832 vulnerable F5 hosts.

System Administration

System Administration Advertising Hacking Banking

Google will shut down consumer version of Google+ earlier due to a bug

Security Affairs

DECEMBER 11, 2018

. “A list of impacted users in those domains is being sent to system administrators, and we will reach out again if any additional impacted users or issues are discovered. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

System Administration

System Administration Advertising Software Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. md , and that they were a systems administrator for sscompany[.]net. co and a VPN provider called HideIPVPN[.]com.

Malware

Malware VPN Internet Internet

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. . System administrators need to employ security best practices with the systems they manage.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Cryptocurrency Malware System Administration

Thousands of RDM refrigeration systems exposed online are at risk

Security Affairs

FEBRUARY 10, 2019

“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Risk

Risk Passwords System Administration Advertising

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

In this type of distributed denial of service (DDoS) attack, the malicious traffic generated with the technique is greater than the once associated with the use of memcached, a service that does not require authentication but has been exposed on the internet by inexperienced system administrators. About the Author: Paulo Brito.

DDOS

DDOS Internet Internet System Administration

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Webmin, hacking).

System Administration

System Administration Passwords DNS Advertising

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Engineering

Engineering Cryptocurrency System Administration Advertising

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

.” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. The vulnerability could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

System Administration

System Administration Advertising Hacking Software

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

.” continues the report “While CIA was an early leader in securing our enterprise information technology (IT) system, we failed to correct acute vulnerabilities to our mission IT systems.”. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Engineering Data breaches Advertising

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. In April, the U.S. Pierluigi Paganini.

Malware

Malware Cyber threats Government System Administration

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

Malvertiser copies PC news site to deliver infostealer

Malwarebytes

NOVEMBER 8, 2023

This type of website is often visited by geeks and system administrators to read the latest computer reviews, learn some tips and download software utilities. The advertiser shows as Scott Cooper and is likely a compromised or fake identity. One common technique used by threat actors to evade detection is to employ cloaking.

Software

Software System Administration Antivirus Malware

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

Some intruders resembled “drunken burglars,” said one source, getting lost in the labyrinth of corporate systems and appearing to grab files at random.” ” According to the Reuters, the hackers had a total control over the HPE corporate network, they also left messages taunting system administrators.

Identity Theft

Identity Theft Hacking System Administration Advertising

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

Hladyr is suspected to be a system administrator for the group. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Penetration Testing System Administration Banking

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Security Affairs

NOVEMBER 28, 2018

Cisco advisory reveals that the vulnerability could be also exploited remotely by leveraging the operating system remote management tools. The issue could be exploited by a malware or ill-intentioned logged-in user to gain system administrator rights and carry out malicious activities. and later prior to 33.0.5,

System Administration

System Administration Advertising Software Authentication

Five Eyes Intelligence agencies warn of popular hacking tools

Security Affairs

OCTOBER 12, 2018

To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Credential Stealer: Mimikatz. Pierluigi Paganini.

Hacking

Hacking System Administration Advertising Engineering

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

The Windows Background Intelligent Transfer Service (BITS) service is a built-in component of the Microsoft Windows operating system. The BITS service is used by programmers and system administrators to download files from or upload files to HTTP web servers and SMB file shares. ” concludes the report. Pierluigi Paganini.

Malware

Malware System Administration Advertising Spyware

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Firmware Media Authentication

Wireshark fixed three flaws that can crash it via malicious packet trace files

Security Affairs

SEPTEMBER 2, 2018

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems. Administrators can help protect affected systems from external attacks by using a solid firewall strategy. Administrators are advised to monitor affected systems.

Firewall

Firewall System Administration Advertising Antivirus

FireEye experts found source code for CARBANAK malware on VirusTotal?

Security Affairs

APRIL 23, 2019

Hladyr is suspected to be a system administrator for the group. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Penetration Testing System Administration Banking

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

“Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. “ reports Radio-Canada.

Hacking

Hacking Advertising System Administration Media

Lazarus APT Targeting Cryptocurrency, CISA Warns

SecureWorld News

APRIL 21, 2022

CISA breaks down the tactics, techniques, and procedures (TTPs) used by the gang: "Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms.

Cryptocurrency

Cryptocurrency Computers and Electronics Social Engineering System Administration

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

Furthermore, when planning cloud-based service architectures, corporate system administrators need to evaluate various logging options offered by could service providers and integrate activity log data into existing risk detection flows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing

Phishing Accountability Financial Services Cloud Migration

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

The experts also detailed a separate case, that was observed on May 2023, using a similar infection scheme to advertise a rogue page for Midjourney. Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” ” concludes the report.

System Administration

System Administration Advertising Hacking Malware

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

Andrea Pierini (@ decoder_it ) “Andrea is an IT Architect & Security Manager with long-term experience and in-depth knowledge covering all aspects of IT: from SW development to systems administration; networking administration and IT security. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Mobile System Administration Engineering

How effective is the EDPB website auditing tool for checking GDPR compliance?

BH Consulting

MARCH 12, 2025

If the tool finds a site is using third party advertising cookies when the visitor chooses Reject All, that would be in violation of the GDPR and ePrivacy directive.

Risk

Risk Small Business System Administration Advertising

Meet the Administrators of the RSOCKS Proxy Botnet

Orcus RAT Author Charged in Malware Scheme

Trending Sources

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Cisco fixed a critical issue in the Unified Contact Center Express

Cisco fixes a static default credential issue in Smart Software Manager tool

FBI and CISA published a new advisory on AvosLocker ransomware

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Yomi Hunter Catches the CurveBall

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

WeSteal, a shameless commodity cryptocurrency stealer available for sale

How Did Authorities Identify the Alleged Lockbit Boss?

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Google will shut down consumer version of Google+ earlier due to a bug

Who and What is Behind the Malware Proxy Service SocksEscort?

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Thousands of RDM refrigeration systems exposed online are at risk

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Backdoored Webmin versions were available for download for over a year

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

CIA elite hacking unit was not able to protect its tools and cyber weapons

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Roboto, a new P2P botnet targets Linux Webmin servers

Malvertiser copies PC news site to deliver infostealer

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

FireEye experts found source code for CARBANAK malware on VirusTotal?

Initial patch for Webex Meetings flaw WebExec was incomplete. Cisco fixed it again

Five Eyes Intelligence agencies warn of popular hacking tools

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

USBAnywhere BMC flaws expose Supermicro servers to hack

Wireshark fixed three flaws that can crash it via malicious packet trace files

FireEye experts found source code for CARBANAK malware on VirusTotal?

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Lazarus APT Targeting Cryptocurrency, CISA Warns

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

How effective is the EDPB website auditing tool for checking GDPR compliance?

Stay Connected