Information Security, Malware and System Administration

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

The module has full access to all the firmware, hardware, software, and operating system installed on the server. . The attacks were spotted by Iranian cybersecurity firm Amnpardaz, this is the first time ever that malware targets iLO firmware. ” reads the report published by the expers. ” continues the report.

Firmware

Firmware Malware System Administration Technology

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. AvosLocker affiliates use legitimate software and open-source remote system administration tools to compromise the victims’ networks.

Ransomware

Ransomware System Administration Antivirus Malware

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 See the latest malware analysis report on their TTPs at @CNMF_CyberAlert. v1 , U.S. .

Malware

Malware Government Passwords System Administration

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

. “Synology PSIRT (Product Security Incident Response Team) has recently seen and received reports on an increase in brute-force attacks against Synology devices. Synology’s security researchers believe the botnet is primarily driven by a malware family called “StealthWorker.” Pierluigi Paganini.

Ransomware

Ransomware System Administration Malware Authentication

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years in prison for having served as a manager and systems administrator for the financially motivated group FIN7 , aka Carbanak. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.

System Administration

System Administration Penetration Testing Malware Banking

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies.

System Administration

System Administration Government Phishing Malware

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015.

System Administration

System Administration Malware Accountability Marketing

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. “When pursuing cases against malware authors, prosecutors typically need to demonstrate the author’s intent for the malware. There is the name of the malware itself.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware System Administration Hacking Media

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

CISA is ISACA’s (Information Systems Audit and Control Association) high-level certification designed for those who audit, control, monitor, and assess an organization’s information technology and business systems. These individuals will be the elite of information security and the top practitioners in the field.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Security Affairs

SEPTEMBER 27, 2023

The nation-state actors employed multiple custom malware families targeting Windows, Linux, and FreeBSD operating systems. Custom malware families used by the group include BendyBear, Bifrose, BTSDoor, FakeDead (a.k.a.

Firmware

Firmware Telecommunications System Administration Malware

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

Upon its initialization, the malware removes itself from the loaded modules list and updates the last_module_id with the previously loaded module to delete any trace of its presence. “This CAKETAP variant targeted specific messages destined for the Payment Hardware Security Module (HSM).” ” concludes the report.

Banking

Banking Telecommunications System Administration Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer. “Thanks to you, we are now developing in the field of information security and anonymity!,” “I opened an American visa for myself, it was not difficult to get.

Advertising

Advertising Cybercrime System Administration Hacking

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows malware. European law enforcement agencies automatically wiped the infamous Emotet malware from infected systems across the world as part of a mass sanitization operation.

Malware

Malware Banking System Administration Hacking

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

DECEMBER 7, 2020

“This advisory emphasizes the importance for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) system administrators to apply vendor-provided patches to affected VMware® identity management products and provides further details on how to detect and mitigate compromised networks.”

System Administration

System Administration Authentication Hacking Cybersecurity

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise. Ideally, VNC should be used only with authenticated users, such as system administrators. “It was so easy to gain access to these systems.

Authentication

Authentication Cyber Attacks System Administration Internet

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Security Affairs

AUGUST 19, 2020

US CISA published an alert related to a new North Korean malware, dubbed BLINDINGCAN, used in attacks on the US defense and aerospace sectors. According to the government experts, the BLINDINGCAN malware was employed in attacks aimed at US and foreign companies operating in the military defense and aerospace sectors.

Malware

Malware Cyber threats Government System Administration

Experts spotted Syslogk, a Linux rootkit under development

Security Affairs

JUNE 14, 2022

Linux rootkits are malware installed as kernel modules in the operating system. Once installed, they intercept legitimate Linux commands to filter out information that they do not want to be displayed, such as the presence of files, folders, or processes. ” concludes the report which also includes indicators of compromise.

Malware

Malware System Administration Antivirus Architecture

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

Security Affairs

MAY 21, 2023

Unfortunately, as system administrators seek ways to control access to these platforms, users may seek out alternative ways to gain access.” However, this recent campaign shows malicious ads can still slip by moderators and deliver victims malware.” In this case, the visitors were downloading Midjourney-x64.msix,

System Administration

System Administration Advertising Malware Hacking

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux.

IoT

IoT Cryptocurrency Malware System Administration

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

At the time, BleepingComputer reported that the City’s court system canceled all jury trials and jury duty for several days starting from May 2nd. CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems.

Ransomware

Ransomware Surveillance Healthcare Accountability

LockBit ransomware group claims to have hacked Bridgestone Americas

Security Affairs

MARCH 13, 2022

“Bridgestone Americas are currently investigating a potential information security incident. All we do is provide paid training to system administrators around the world on how to properly set up a corporate network. We are only interested in money for our harmless and useful work.

Hacking

Hacking Ransomware Manufacturing Cyber Attacks

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

Even with high-level security measures, no one is safe from such threats. That is why most companies hire professional information security services to mitigate the risks arising from data breaches. Human errors often lead to data breaches, malware, and virus attacks that might compromise the company’s systems.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

The Malware Threat behind CurveBall. Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. .

System Administration

System Administration Malware Advertising Risk

Kimsuky APT poses as journalists and broadcast writers in its attacks

Security Affairs

JUNE 3, 2023

“In many instances, Kimsuky actors do not attach malware to their initial email. Additionally, the APT group also impersonates operators or administrators of popular web portals claiming that a victim’s account has been locked following suspicious activity or fraudulent use. ” continues the advisory.

Social Engineering

Social Engineering Phishing System Administration Engineering

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

APRIL 25, 2021

The vendor recommended changing system administrator account, reset access control, and installing the latest available version. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Follow me on Twitter: @securityaffairs and Facebook.

System Administration

System Administration Firmware Government Hacking

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

ESET researchers discovered a new malware associated with the Stealth Falcon APT group that abuses the Windows BITS service to stealthy exfiltrate data. Security researchers from discovered a new malware associated with the Stealth Falcon cyber espionage group that abuses the Windows BITS service to stealthy exfiltrate data.

Malware

Malware Advertising System Administration Spyware

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

US DoJ charged two Russian citizens for deploying the Dridex malware and for their involvement in international bank fraud and computer hacking schemes. The Bugat malware a multifunction malware package designed to automate the theft of confidential personal and financial information. Attorney Brady.

Banking

Banking Malware Cybercrime Accountability

Earning Trust In Public Cloud Services

SiteLock

OCTOBER 12, 2021

They are also becoming more concerned about how the provider monitors security events, responds to malware attacks , and reports on these issues. David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net.

System Administration

System Administration Insurance Penetration Testing Social Engineering

Red Team vs Blue Team vs Purple Team: Differences Explained

eSecurity Planet

FEBRUARY 21, 2023

Blue team members might be led by a chief information security officer (CISO) or director of security operations, making this team the largest among the three. Blue teams consist of security analysts, network engineers and system administrators.

Social Engineering

Social Engineering Penetration Testing Engineering Risk

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them. SecurityAffairs – malware, Patch Tuesday). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

System Administration

System Administration Advertising Internet Internet

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

The website is a clone of the website of Convergent Network Solutions Ltd , Bastion Secure’s ‘About’ page states that is a spinoff of the legitimate cybersecurity firm that anyway not linked to the criminal gang. Once gained access to the target network, the threat actors could then drop malware and ransomware. .

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over. Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing.

System Administration

System Administration Hacking Cyber threats Accountability

Topic-specific policy 2/11: physical and environmental security

Notice Bored

OCTOBER 12, 2021

but are they 'information security controls'? If you determine that a policy in this area would be worthwhile for your organisation, but don't presently have one, the SecAware "physical information security" policy template is a starting point. I would argue yes for some, perhaps most of them.

Manufacturing

Manufacturing Risk System Administration Information Security

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

Security Affairs

FEBRUARY 2, 2021

System administrators are recommended to update their VMWare ESXi installs or disable SLP support to secure them. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Encryption

Encryption Ransomware System Administration Hacking

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group using Phoenix CryptoLocker ransomware, issued a legal notice of an information security incident to the Consumer Protection Bureau in New Hampshire.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security Affairs

FEBRUARY 5, 2021

“The first allows you to obtain the hash of the system administrator account due to excessive DBMS user privileges, which gives you access to the API without decrypting the hash value. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Firewall

Firewall System Administration Technology Hacking

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

. “Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” states the FBI’s PIN alert.

Passwords

Passwords Social Engineering Software System Administration

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

Security Affairs

DECEMBER 24, 2020

The attacks began last week, the systems administrator Marco Hofmann first detailed them. I found these source IP addresses of the attackers in my nstraces: 45.200.42.0/24 24 220.167.109.0/24 Most of the victims of these attacks are in the gaming industry. ” wrote Hofmann.

DDOS

DDOS System Administration VPN Authentication

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

According a report recently published by Chinese security firm Qihoo 360, leaked materials they collected reveal that Vault 7 was developed by Joshua and that APT-C -39 a CIA-linked hacking unit. Qihoo 360 reported that technical details of most implants used by the APT-C-39 are consistent with the ones described in the Vault 7 dump.

Hacking

Hacking Engineering Data breaches Advertising

Critical Apache Guacamole flaws expose organizations at risk of hack

Security Affairs

JULY 2, 2020

Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.

Hacking

Hacking Risk System Administration Authentication

Who and What is Behind the Malware Proxy Service SocksEscort?

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Webinars

Trending Sources

FBI and CISA published a new advisory on AvosLocker ransomware

Webinars

US govt agencies share details of the China-linked espionage malware Taidoor

StealthWorker botnet targets Synology NAS devices to drop ransomware

Yandex security team caught admin selling access to users’ inboxes

A member of the FIN7 group was sentenced to 10 years in prison

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Administrators of bulletproof hosting sentenced to prison in the US

WeSteal, a shameless commodity cryptocurrency stealer available for sale

North Korea-linked Lazarus APT targets the IT supply chain

15 Top Cybersecurity Certifications for 2022

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Caketap, a new Unix rootkit used to siphon ATM banking data

Meet the Administrators of the RSOCKS Proxy Botnet

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Hacker breaches key Russian ministry in blink of an eye

CISA’s MAR warns of North Korean BLINDINGCAN RAT

Experts spotted Syslogk, a Linux rootkit under development

BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

LockBit ransomware group claims to have hacked Bridgestone Americas

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Yomi Hunter Catches the CurveBall

Kimsuky APT poses as journalists and broadcast writers in its attacks

Hackers are targeting Soliton FileZen file-sharing servers

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

US authorities charged Dridex gang members for stealing over $100 Million

Earning Trust In Public Cloud Services

Red Team vs Blue Team vs Purple Team: Differences Explained

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Microsoft to notify Office 365 users of nation-state attacks

Topic-specific policy 2/11: physical and environmental security

Ransomware operators exploit VMWare ESXi flaws to encrypt disks of VMs

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Roboto, a new P2P botnet targets Linux Webmin servers

FBI’s alert warns about using Windows 7 and TeamViewer

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

CIA elite hacking unit was not able to protect its tools and cyber weapons

Critical Apache Guacamole flaws expose organizations at risk of hack

Stay Connected