Blog, Firewall and System Administration

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

MAY 10, 2019

One such go-to APT technique is to remotely leverage legit administrative tools to carry out malicious activities — under cover. Borrowing tools It would not surprise me if this attacker, once inside Wipro’s network, used tactics and techniques that have come into everyday use in advanced persistent threat (APT) types of hacks.

Digital transformation

Digital transformation System Administration Hacking Threat Detection

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. Alexey described his activity on a Russian blogging platform, he explained he hacked into the routers to change settings and prevent further compromise.

Cryptocurrency

Cryptocurrency System Administration Advertising Hacking

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

On that day, one of the web application firewalls (WAFs) installed in the XLabs SOC (security operations center) detected an abnormal pattern of network traffic that caught the eye of Mauricio. The Brazilian version of the post is available on the author’s blog. This, however, is the most serious finding so far.

DDOS

DDOS Internet Internet System Administration

Managed or Unmanaged Device? Duo’s Device Trust Has You Covered

Duo's Security Blog

MAY 11, 2022

The lightweight application collects device health information such as Operating System (OS) version , firewall status, disk encryption status, presence of Endpoint Detection and Response (EDR) agents and password status. Administrators can set access policies based on device health.

Firewall

Firewall VPN System Administration Encryption

More Cloud Means More Multi-Tenant Environments

Thales Cloud Protection & Licensing

JANUARY 23, 2018

To ensure a secure multi-tenant environment for consolidation, you need a solution that: adequately isolates security for specific tenants or customers; authorizes access to the data itself without allowing even systems administrators or privileged users to see the data; and. achieves performance without compromising security.

Cloud Migration

Cloud Migration System Administration Architecture Firewall

Logjam’s Effect On HTTPS Encryption

SiteLock

AUGUST 27, 2021

SiteLock customers using the TrueShield web application firewall (WAF) are protected by default. Administrators are urged to configure their servers to deny the use of vulnerable Diffie-Helman key exchange algorithms. Researchers provided a guide for system administrators, and the SSL Server Test can verify configuration results.

Encryption

Encryption System Administration Firewall Internet

SANS Critical Controls 14 and 15: Network Audit Logging and Controlled Access

NopSec

AUGUST 13, 2013

This week we come back with our blog series on SANS 20 Critical Controls and focus on Audit Logs and Controlled Access. Audit Logs for firewall, network devices, servers and hosts are most of the time the only way to determine whether or not the host has been compromised and the only way to control the activity of the system administrator.

Firewall

Firewall System Administration Encryption Authentication

My Story So Far and Your Own Career Journey

Lenny Zeltser

JUNE 7, 2024

I pursued a degree in computer science and was inspired to enter the cybersecurity field after deploying my first firewall. System administration, network security, penetration testing, professional services, product management. Also, know that others share whatever doubts and concerns you might keep locked inside your mind.

Penetration Testing

Penetration Testing System Administration CISO Firewall

How Secure Shell (SSH) Keys Work

Security Boulevard

AUGUST 5, 2022

Related blogs. All enterprises rely on Secure Shell (SSH) keys to authenticate privileged users and establish trusted access to critical systems, including application servers, routers, firewalls, virtual machines, cloud instances, and many other devices and systems. 4 Ways to Start Protecting Your SSH Keys. David Bisson.

Encryption

Encryption Authentication System Administration Firewall

Mitigating Ransomware Attacks – Decoupling Encryption Keys From Encrypted Data

Thales Cloud Protection & Licensing

NOVEMBER 24, 2020

With rising incidents of ransomware attacks, organisations are finally realising that merely implementing perimeter defense systems no longer suffice to protect their sensitive data. While front line defense mechanisms like firewalls, anti-theft, anti-spyware, etc. What is the secure escrow procedure followed for these keys?

Encryption

Encryption Ransomware Backups System Administration

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

Clearly, traditional firewalls and antivirus systems will not be sufficient; the complex IIoT infrastructure demands something more advanced. With this unique identity in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

Network control measures like firewalls, secure socket layer (SSL), and data loss prevention (DLP) tools sought to outmaneuver malicious code rather than directly combat it. This technique lets attackers deliver malicious code to thousands of systems through a vector that security measures routinely ignore?—?a a trusted vendor.

Malware

Malware Software Ransomware Adware

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

This blog was written by an independent guest blogger. This can be carried out directly or using a shadow payload or using a phishing attack aimed at compromising the user's system. It is tough to do without a dedicated team and security solutions like firewalls, intrusion detection, antiviruses and more.

Accountability

Accountability Passwords Authentication Information Security

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. In line with our predictions, we released two blog posts in 2022 introducing sophisticated low-level bootkits. The next WannaCry.

Firmware

Firmware Surveillance Mobile Telecommunications

The secrets to start a cybersecurity career

Responsible Cyber

JULY 14, 2024

Knowledge of Security Protocols: Familiarity with encryption, firewalls, VPNs, IDS/IPS, and other security technologies. Skills Needed: Network architecture knowledge, firewall management, intrusion detection/prevention systems expertise. Problem-Solving Abilities: Ability to think critically and solve complex security issues.

Cybersecurity

Cybersecurity Education Penetration Testing Technology

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

I include a sampla here: Vulnerabilities affecting VPN and NG firewalls such as Cisco and Palo Alto Networks, much like the Palo Alto Networks GlobalProtect SSL VPN Critical Pre-authentication vulnerability – CVE-2019-1579. The disclosure blog post can be found here.

VPN

VPN Accountability Risk System Administration

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

It could be a system administrator who has access to sensitive defense information and recently just met an attractive fitness influencer on social media (hello, Iran !). A compromised customer account might use business email compromise tactics to phish everyone in that customer’s circle.

Phishing

Phishing Accountability Social Engineering Mobile

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. His 1994 book detailing cryptographic algorithms ( Applied Cryptography ) was just the beginning of his contributions to technical perspectives on system design, cybersecurity, privacy, and more. Dave Kennedy | @hackingdave.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Cyber Security Informer

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Trending Sources

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Managed or Unmanaged Device? Duo’s Device Trust Has You Covered

More Cloud Means More Multi-Tenant Environments

Logjam’s Effect On HTTPS Encryption

SANS Critical Controls 14 and 15: Network Audit Logging and Controlled Access

My Story So Far and Your Own Career Journey

How Secure Shell (SSH) Keys Work

Mitigating Ransomware Attacks – Decoupling Encryption Keys From Encrypted Data

Machine Identities are Essential for Securing Smart Manufacturing

Malware Evolves to Present New Threats to Developers

Privileged account management challenges: comparing PIM, PUM and PAM

Advanced threat predictions for 2023

The secrets to start a cybersecurity career

Vulnerability Management in the time of a Pandemic

The Phight Against Phishing

Top Cybersecurity Accounts to Follow on Twitter

Stay Connected