Hacking, Information Security and System Administration

LockBit ransomware group claims to have hacked Bridgestone Americas

Security Affairs

MARCH 13, 2022

LockBit ransomware gang claimed to have hacked Bridgestone Americas, one of the largest manufacturers of tires. “Bridgestone Americas are currently investigating a potential information security incident. SecurityAffairs – hacking, Lockbit). We are only interested in money for our harmless and useful work.

Hacking

Hacking Ransomware Manufacturing Cyber Attacks

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

JULY 2, 2020

Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.

Hacking

Hacking Risk System Administration Authentication

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks. FBI and CISA recommend testing existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

Ransomware

Ransomware System Administration Antivirus Malware

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

The infrastructure of Toyota was compromised again, this time its global supplier management network was hacked by a researcher. The expert used the JWT to access the GSPIMS portal and after gaining access to the platform he discovered an account with system administrator privileges. ” concludes the expert.

System Administration

System Administration Accountability Passwords Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.

Advertising

Advertising Cybercrime System Administration Hacking

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

System Administration

System Administration Penetration Testing Malware Banking

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Firmware Media Authentication

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.” The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over.

System Administration

System Administration Hacking Cyber threats Accountability

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration

System Administration Government Phishing Malware

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

“This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.”

System Administration

System Administration Authentication Hacking Cybersecurity

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, FileZen). Follow me on Twitter: @securityaffairs and Facebook.

System Administration

System Administration Firmware Government Hacking

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

The China-linked hacking group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset. The group hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. Pierluigi Paganini.

Banking

Banking Telecommunications System Administration Hacking

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on. GSEC is intended for anyone new to cyber security who has some background in information systems and networks.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. The advisory also includes recommendations for system administrators to prevent the installation of backdoor firmware images and unusual device reboots.

Firmware

Firmware Telecommunications System Administration Malware

Cisco fixed a critical issue in the Unified Contact Center Express

Security Affairs

MAY 25, 2020

The issue could be exploited by supplying a malformed Java object to a specific listener on an vulnerable system. Administrators should update their Unified CCE installs as soon as possible. SecurityAffairs – Unified CCE, hacking). The good news is that Cisco is not aware of attacks in the wild that exploited the flaw.

System Administration

System Administration Advertising Software Hacking

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise. Ideally, VNC should be used only with authenticated users, such as system administrators. SecurityAffairs – hacking, local Russian Ministry).

Authentication

Authentication Cyber Attacks System Administration Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Usually, these users have no idea their systems are compromised. Image: Lumen’s Black Lotus Labs.

Malware

Malware VPN Internet Internet

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

One of the most outstanding capabilities of iLOBleed is the manipulation of the iLO firmware upgrade routine, when the system administrator tries to upgrade the iLO firmware, the malware simulates the version change while preventing the upgrade routine. . SecurityAffairs – hacking, iLOBleed). ” continues the report.

Firmware

Firmware Malware System Administration Technology

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

Skorodumov was one of the organization’s lead systems administrators, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets. SecurityAffairs – hacking, cyber security). Follow me on Twitter: @securityaffairs and Facebook.

System Administration

System Administration Malware Accountability Marketing

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. SecurityAffairs – hacking, supply chain attack). The nation-state actor used its multi-platform malware framework MATA framework.

Malware

Malware System Administration Hacking Media

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

Security Affairs

AUGUST 16, 2023

System administrators need to be aware that adversaries can exploit edge devices to place backdoors that persist even after updates and / or reboots.” As of August 14, most of the backdoored instances are in Germany, France and Switzerland. ” concludes the report.”As

System Administration

System Administration VPN Software Hacking

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” In this case, the visitors were downloading Midjourney-x64.msix, msix, which is a Windows Application Package also signed by ASHANA GLOBAL LTD. ” concludes the report.

System Administration

System Administration Advertising Malware Hacking

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

System administrators are recommended to update their VMWare ESXi installs or disable SLP support to secure them. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, VMWare ESXi). Pierluigi Paganini.

Encryption

Encryption Ransomware System Administration Hacking

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

Additionally, the APT group also impersonates operators or administrators of popular web portals claiming that a victim’s account has been locked following suspicious activity or fraudulent use. The advisory includes potential mitigation measures for email recipients and recipients’ systems administrators.

Social Engineering

Social Engineering Phishing System Administration Engineering

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. SecurityAffairs – hacking, cyber security).

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City experts believe that the group specifically targeted a prioritized list of servers using legitimate Microsoft system administrative tools. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, City of Dallas ) The post City of Dallas has set a budget of $8.5

Ransomware

Ransomware Surveillance Healthcare Accountability

Yandex sysadmin caught selling access to email accounts

Malwarebytes

FEBRUARY 17, 2021

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team.

Accountability

Accountability Social Engineering System Administration Engineering

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Software

Software System Administration Advertising Accountability

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Fortinet).

Firewall

Firewall System Administration Technology Hacking

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

. “Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert. SecurityAffairs – hacking, FBI). Pierluigi Paganini.

Passwords

Passwords Social Engineering Software System Administration

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

. “Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years in what U.S. “The hacking campaign, known as “ Cloud Hopper ,” was the subject of a U.S.

Identity Theft

Identity Theft Hacking System Administration Advertising

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

Security Affairs

DECEMBER 24, 2020

The attacks began last week, the systems administrator Marco Hofmann first detailed them. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, DDoS). I found these source IP addresses of the attackers in my nstraces: 45.200.42.0/24 24 220.167.109.0/24

DDOS

DDOS System Administration VPN Authentication

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

.” Customers can check whether their NAS is exposed online by using the Security Counselor, a built-in security portal for QNAP NAS devices. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router. SecurityAffairs – hacking, QNAP NAS ). Pierluigi Paganini.

Internet

Internet Internet Ransomware Encryption

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Security Affairs

JULY 6, 2020

Researchers Rich Warren from NCC Group told ZDNet that hackers are attempting to exploit the flaw to steal administrator passwords from the hacked devices. System administrators need to upgrade to fixed versions ASAP. SecurityAffairs – hacking, F5). A proof-of-concept exploit is now publicly available.

System Administration

System Administration Advertising Hacking Banking

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

Organizations with effective spam filtering, proper system administration and up-to-date Windows hosts have a much lower risk of infection.” ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, WeSteal). Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

Even with high-level security measures, no one is safe from such threats. That is why most companies hire professional information security services to mitigate the risks arising from data breaches. One of the most vulnerable areas that hackers use to infiltrate a company’s system is the network. Data Security.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

Create, start, and terminate a new process and its primary thread Search, read, write, move, and execute files Get and modify file or directory timestamps Change the current directory for a process or file Delete malware and artifacts associated with the malware from the infected system. SecurityAffairs – hacking, BLINDINGCAN).

Malware

Malware Cyber threats Government System Administration

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

MAY 28, 2020

Using a previous version of Exim leaves a system vulnerable to exploitation. System administrators should continually check software versions and update as new versions become available.” SecurityAffairs – APT, hacking). ” concludes NSA. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Software

Software System Administration Advertising Technology

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

In May, the FBI and CISA also warned cyber attacks coordinated by Beijing and attempting to steal COVID-19 information from US health care, pharmaceutical, and research industry sectors. Keep operating system patches up-to-date. SecurityAffairs – hacking, Taidoor). Disable File and Printer sharing services. .

Malware

Malware Government Passwords System Administration

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that is most often used by system administrators for remote command-line requests, system logins and also for remote command execution. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Authentication

Authentication Passwords Accountability System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Telecommunications

Telecommunications Authentication Passwords Accountability

LockBit ransomware group claims to have hacked Bridgestone Americas

Critical Apache Guacamole flaws expose organizations at risk of hack

Trending Sources

FBI and CISA published a new advisory on AvosLocker ransomware

Yandex security team caught admin selling access to users’ inboxes

CIA elite hacking unit was not able to protect its tools and cyber weapons

Researcher compromised the Toyota Supplier Management Network

Meet the Administrators of the RSOCKS Proxy Botnet

A member of the FIN7 group was sentenced to 10 years in prison

USBAnywhere BMC flaws expose Supermicro servers to hack

Microsoft to notify Office 365 users of nation-state attacks

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Hackers are targeting Soliton FileZen file-sharing servers

StealthWorker botnet targets Synology NAS devices to drop ransomware

Caketap, a new Unix rootkit used to siphon ATM banking data

15 Top Cybersecurity Certifications for 2022

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Cisco fixed a critical issue in the Unified Contact Center Express

Hacker breaches key Russian ministry in blink of an eye

Who and What is Behind the Malware Proxy Service SocksEscort?

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Administrators of bulletproof hosting sentenced to prison in the US

North Korea-linked Lazarus APT targets the IT supply chain

Approximately 2000 Citrix NetScaler servers were backdoored in a massive campaign

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Kimsuky APT poses as journalists and broadcast writers in its attacks

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Yandex sysadmin caught selling access to email accounts

Cisco fixes a static default credential issue in Smart Software Manager tool

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

FBI’s alert warns about using Windows 7 and TeamViewer

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

How to secure QNAP NAS devices? The vendor’s instructions

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CISA’s MAR warns of North Korean BLINDINGCAN RAT

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

US govt agencies share details of the China-linked espionage malware Taidoor

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

China-linked threat actors have breached telcos and network service providers

Stay Connected