DNS and System Administration - Cyber Security Informer

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Malwarebytes

APRIL 9, 2024

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. Click here for more information about DNS filtering via our Nebula platform. The lures are utilities commonly used by IT admins such as PuTTY and FileZilla. dll (Nitrogen).

System Administration

System Administration DNS Engineering Social Engineering

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

Top of the heap this month in terms of outright scariness is CVE-2020-1350 , which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

DNS

DNS Backups System Administration Software

Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday

Malwarebytes

JULY 14, 2021

Looking at the urgency levels Microsoft has assigned to them, system administrators have their work cut out for them once again: 13 criticial patches 103 important patches. CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability for Windows Server versions if the server is configured to be a DNS server.

DNS

DNS Media System Administration Engineering

New Go loader pushes Rhadamanthys stealer

Malwarebytes

MARCH 22, 2024

Malicious ad targets system administrators PuTTY is a very popular SSH and Telnet client for Windows that has been used by IT admins for years. ThreatDown users that have DNS Filtering can enable ad blocking in their console to prevent attacks that originate from malicious ads. We reported this campaign to Google.

Malware

Malware System Administration DNS

FBI Issues Flash Advisory on Conti Ransomware Attacks Impacting Healthcare and First Responder Networks

Hot for Security

MAY 26, 2021

Once Conti actors deploy the ransomware, they may stay in the network and beacon out using Anchor DNS.”. The advisory further includes a list of indicators of compromise (IoCs) that system administrators can look for to help stop a Conti attack before it unfolds, as well as a list of recommended mitigations.

Healthcare

Healthcare Ransomware System Administration DNS

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year.

Passwords

Passwords System Administration Advertising DNS

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

It’s designed for incident handlers, incident handling team leads, system administrators, security practitioners, and security architects. It’s designed for system analysts, security analysts, network engineers, network administrators, and hands-on security managers.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Rezvesz maintains his software was designed for legitimate use only and for system administrators seeking more powerful, full-featured ways to remotely manage multiple PCs around the globe. Tips from international private cyber security firms triggered the investigation.”.

Advertising

Advertising Malware Marketing Software

Ransomware: Why do backups fail when you need them most?

Malwarebytes

OCTOBER 22, 2021

So why do we keep hearing things like this: We’re also feeling relatively confident, we have a very good backup system … and then we find out at about four or five hours after the [ransomware] attack that our backup system is completely gone. Ski Kacoroski, System administrator, Northshore School District.

Backups

Backups Ransomware System Administration DNS

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

System administrators can schedule scans to spot unauthorized system modifications or unwanted additional SSH accesses. Reduce potential attack surfaces by discontinuing unused VPN servers that may be used as a point of entry for attackers. Vigilance is Required.

VPN

VPN Accountability Authentication Passwords

9 Best Penetration Testing Tools for 2022

eSecurity Planet

FEBRUARY 24, 2022

Amass is an open-source network mapper that is particularly efficient for DNS (Domain Name System) and subdomain enumeration. Password cracking consists of retrieving passwords stored in computer systems. System administrators and security teams (and hackers) can use them to spot weak passwords. Useful links.

Penetration Testing

Penetration Testing Wireless Passwords Social Engineering

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Denying anything happened gives system administrators more time to identify and patch newly discovered vulnerabilities. An unexpected delay in network connections could mean a hardware failure, but it could also signify a hijacked DNS server. Then there are the repercussions to the company’s stock price.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

But if we go on the Akamai blog we can still find a reference to Elknot posted on April 4, 2016 on a topic referred to “ BillGates ”, another DDoS malware whose “ attack vectors available within the toolkit include: ICMP flood, TCP flood, UDP flood, SYN flood, HTTP Flood (Layer7) and DNS reflection floods. O"]); // for persistence.

DDOS

DDOS Malware Encryption Penetration Testing

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Longtime network and system administrator Jack Daniel is a technology community activist, mentor, and storyteller. DNS over HTTPS is a sensitive info grab by whomever Web browsers partner with, yet it's sold as a "privacy enhancement." Denial-of-Suez attack. Jack Daniel | @jack_daniel.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

A few days later, IT systems started malfunctioning with ransom messages following. The system administrator did not configure standard security controls when installing the server in question. Meanwhile, the suspect server was connected to the CDOT domain with an administrator account and the internet.

VPN

VPN Software Authentication Encryption

Cyber Security Informer

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

‘Wormable’ Flaw Leads July Microsoft Patches

Trending Sources

Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday

New Go loader pushes Rhadamanthys stealer

FBI Issues Flash Advisory on Conti Ransomware Attacks Impacting Healthcare and First Responder Networks

Backdoored Webmin versions were available for download for over a year

15 Top Cybersecurity Certifications for 2022

Roboto, a new P2P botnet targets Linux Webmin servers

Canadian Police Raid ‘Orcus RAT’ Author

Ransomware: Why do backups fail when you need them most?

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

9 Best Penetration Testing Tools for 2022

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Top Cybersecurity Accounts to Follow on Twitter

Addressing Remote Desktop Attacks and Security

Stay Connected