Hacking, Internet and System Administration

SolarWinds Detected Six Months Earlier

Schneier on Security

MAY 3, 2023

The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Engineering Internet

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are already hacked with malicious PHP shell scripts. Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators.

Malware

Malware Hacking System Administration Ransomware

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. The employee was one of three system administrators with the necessary access rights to provide technical support for the service. SecurityAffairs – hacking, data breach).

System Administration

System Administration Data breaches Accountability Passwords

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. Here’s what I took away from our discussion: Transient hacks. This quickly gets intricately technical.

Hacking

Hacking Energy and Utilities System Administration Accountability

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

And if an enterprise is under an active ransomware attack, or a series of attacks, that’s a pretty good indication several other gangs of hacking specialists came through earlier and paved the way. So they used a hacking tool with a bit of living-off- the-land technique. Configure system administrative tools more wisely.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. SocksEscort[.]com

Malware

Malware VPN Internet Internet

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors. But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

DDOS

DDOS System Administration Internet Internet

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

If it sounds unlikely that a normal Internet user could make millions of dollars unmasking the identities of REvil gang members, take heart and consider that the two men indicted as part this law enforcement action do not appear to have done much to separate their cybercriminal identities from their real-life selves. Among those was carder[.]su,

Ransomware

Ransomware Cybercrime System Administration Passwords

SolarWinds Detected Six Months Earlier

Security Boulevard

MAY 3, 2023

The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Internet Internet

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.

Advertising

Advertising Cybercrime System Administration Hacking

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection. “Check whether your NAS is exposed to the Internet.” SecurityAffairs – hacking, QNAP NAS ). Pierluigi Paganini.

Internet

Internet Internet Ransomware Encryption

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

“Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users. The hackers scan the Internet for vulnerable servers that could lead to compromising valuable targets. “In

Hacking

Hacking Advertising System Administration Media

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

Here are the key takeaways: Lower-tier hacks. No organization wants to find itself having to recover from a devastating ransomware hack – or dealing with an unauthorized intruder who has usurped control of its operational systems. But that only served as a dinner bell to criminal hacking rings.

Accountability

Accountability Passwords Hacking Cyber Risk

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

No wonder Russia has been preparing to cut itself off from the global internet, hoping to move key government institutions to a sovereign Runet – a pan-Russian web limited to the Federation – to make them less prone to cyber attacks. Ideally, VNC should be used only with authenticated users, such as system administrators.

Authentication

Authentication Cyber Attacks System Administration Internet

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 “Experience in backup, increase privileges, mikicatz, network. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin.

Ransomware

Ransomware System Administration Backups Technology

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [ D3-NI ]. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ]. SecurityAffairs – hacking, China-linked threat actors). Pierluigi Paganini.

Telecommunications

Telecommunications Authentication Passwords Accountability

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . SecurityAffairs – Curveball, hacking). The Malware Threat behind CurveBall.

System Administration

System Administration Malware Advertising Risk

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

One of the most vulnerable areas that hackers use to infiltrate a company’s system is the network. The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems. Company systems require various software programs to function. Data Security.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity. Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity.

System Administration

System Administration Advertising Internet Internet

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. Keep operating system patches up-to-date. Scan all software downloaded from the Internet prior to executing. Pierluigi Paganini.

Malware

Malware Government Passwords System Administration

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

The exploitation of this vulnerability could cause major problems on the Internet. million servers running RPCBIND on the Internet. “We then decided to open a server with port 111 exposed on the Internet, with the same characteristics as those who were attacking us and we were monitoring that server for weeks.

DDOS

DDOS Internet Internet System Administration

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” SecurityAffairs – hacking, Human-operated ransomare). ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 217,000 instances, most of them located in the United States, France and Germany. SecurityAffairs – Webmin, hacking). Pierluigi Paganini.

Passwords

Passwords System Administration Advertising DNS

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The gang leverages exposed remote administration services and internet-facing vulnerabilities to gain and maintain access to victim networks. Makop gang did not conduct any significative retooling since 2020, which is a clear indicator of their effectiveness even after three years and hundreds of successful compromises.

Ransomware

Ransomware Software System Administration Encryption

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

. “According to the affidavit, foreign law enforcement agents, working in coordination with the FBI, gained lawful access to Emotet servers located overseas and identified the Internet Protocol addresses of approximately 1.6 SecurityAffairs – hacking, Emotet). ” stated the DoJ. . Pierluigi Paganini.

Malware

Malware Banking System Administration Hacking

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Cashdollar explained that threat actors started scanning the Internet for Intel systems that would accept files over SSH port 22 to maximize their efforts. Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. . ” Cashdollar concludes.

IoT

IoT Cryptocurrency Malware System Administration

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Security Affairs – Docker APIs, hacking). Ensure that container images are authenticated, signed, and from a trusted registry (i.e., Pierluigi Paganini.

Engineering

Engineering Cryptocurrency System Administration Advertising

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Many used browsers that they were accustomed to, not browsers of choice, or default browsers set by organizations, such as the Internet Explorer. It could be compromised directly or by hacking the account of someone with access to the website management. The year 2016 saw banks in Russia hacked one after another.

Cybercrime

Cybercrime Banking Malware Ransomware

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

NOVEMBER 12, 2018

Ransomware, business email compromises and direct ACH system hacks continue to morph and intensify. Many companies are taking it a step further, selecting certain techies to also receive advanced training and pursue specialty CompTIA certifications in disciplines such as ethical hacking and penetration testing.

Penetration Testing

Penetration Testing System Administration Cybersecurity Technology

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

IT Security Guru

JANUARY 12, 2021

IoT (Internet of Things) Security. System Administrator (or, sysadmin). Hang out with the folk in the Reddit communities , ask them specific questions, and put on your ethical hacking skills to test—to check if you are really cut out for a long-term commitment in cybersecurity. Secure Software Development. Secure DevOps.

Cybersecurity

Cybersecurity Government IoT Penetration Testing

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

Is hacking a crime? Bryan McAninch (Aph3x) talks about his organization, Hacking Is Not A Crime , and the ethical line it draws on various hacking activities. I used to hack the phone company quite a bit. I was like living in our systems for years and I want to get in some trouble for that.

Hacking

Hacking Technology InfoSec Media

2021 Hispanic Heritage Month Pt. 1: A Celebration of Hispanic Heritage and Hope

McAfee

OCTOBER 4, 2021

I started to learn more about how the Internet worked and one thing led to the other. When I was introduced to Linux, I immediately fell in love with it, and this increased my curiosity.

InfoSec

InfoSec System Administration Cybersecurity Engineering

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

The contemporary world has witnessed the rise of the Internet and global communication, and collaboration technologies, including mobile data use and the culture of bring your own device [BYOD]. VoIP phishing and impersonation also victimized millions of corporate employees across the world , contributing to an even greater cyber threat.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. VSA server breached. Backup data regularly.

Ransomware

Ransomware B2B Software System Administration

Ransomware Operator: 'Start **cking Up the U.S. Public Sector'

SecureWorld News

OCTOBER 26, 2021

Here is the translated and censored message: "In our difficult and troubled time when the US government is trying to fight us, I call on all partner programs to stop competing, unite and start **cking up the US public sector, show this old man who is the boss here who is the boss and will be on the Internet. For how long?

Ransomware

Ransomware Backups Government Penetration Testing

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

NOVEMBER 28, 2018

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros. The Ann Arbor-based nonprofit began as a partnership among three state universities in 1966 and is one of the original building blocks of the Internet.

Cybersecurity

Cybersecurity System Administration Manufacturing Education

Thousands of RDM refrigeration systems exposed online are at risk

Security Affairs

FEBRUARY 10, 2019

“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” SecurityAffairs – refrigeration systems, hacking). The post Thousands of RDM refrigeration systems exposed online are at risk appeared first on Security Affairs.

Risk

Risk Passwords System Administration Advertising

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

From the report: "The Twitter Hack is a cautionary tale about the extraordinary damage that can be caused even by unsophisticated cybercriminals. The Hackers further escalated the Twitter Hack and changed the fraud scheme by tweeting payment requests directly from overtaken cryptocurrency companies’ accounts. and 10 a.m.

Social Engineering

Social Engineering Media Scams Financial Services

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Domain The team knew how much BackTrack was growing in popularity, and as they did not switch the project name when using Ubuntu, it was time to create its own place on the Internet. System Upgrades When the team started work switching from Slax to Ubuntu, they grabbed the latest release at the time (8.10 - Intrepid Ibex).

InfoSec

InfoSec Penetration Testing Architecture Software

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

MARCH 30, 2020

Related: Micro-segmentation taken to the personal device level The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups — is getting scaled up, as well. It gives system administrators a way to secure each microsegment, separately.

Firewall

Firewall Marketing Digital transformation Cloud Migration

SolarWinds Detected Six Months Earlier

Nitrogen shelling malware from hacked sites

Trending Sources

Yandex security team caught admin selling access to users’ inboxes

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

Who and What is Behind the Malware Proxy Service SocksEscort?

DDoS Mitigation Firm Founder Admits to DDoS

REvil Ransom Arrest, $6M Seizure, and $10M Reward

SolarWinds Detected Six Months Earlier

USBAnywhere BMC flaws expose Supermicro servers to hack

Meet the Administrators of the RSOCKS Proxy Botnet

How to secure QNAP NAS devices? The vendor’s instructions

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

StealthWorker botnet targets Synology NAS devices to drop ransomware

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Hacker breaches key Russian ministry in blink of an eye

A Closer Look at the Snatch Data Ransom Group

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

China-linked threat actors have breached telcos and network service providers

Yomi Hunter Catches the CurveBall

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

US govt agencies share details of the China-linked espionage malware Taidoor

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Backdoored Webmin versions were available for download for over a year

Dissecting the malicious arsenal of the Makop ransomware gang

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

Roboto, a new P2P botnet targets Linux Webmin servers

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

The Hacker Mind Podcast: Ethical Hacking

2021 Hispanic Heritage Month Pt. 1: A Celebration of Hispanic Heritage and Hope

Cyber Security Awareness and Risk Management

Kaseya Breach Underscores Vulnerability of IT Management Tools

Ransomware Operator: 'Start **cking Up the U.S. Public Sector'

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

Thousands of RDM refrigeration systems exposed online are at risk

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

Happy 10th anniversary & Kali's story.so far

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

Stay Connected