Internet, Software and System Administration

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. The SANS Internet Storm Center has a useful list of all the Microsoft patches released today, indexed by severity.

System Administration

System Administration Engineering Internet Internet

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors.

DDOS

DDOS System Administration Internet Internet

SolarWinds Detected Six Months Earlier

Schneier on Security

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Engineering Internet

Patch Tuesday, October 2024 Edition

Krebs on Security

OCTOBER 8, 2024

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Cemerikic noted that while Internet Explorer is being retired on many platforms, its underlying MSHTML technology remains active and vulnerable.

Engineering

Engineering Internet Internet System Administration

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon.

DNS

DNS Backups Software System Administration

Log4J: What You Need to Know

Adam Levin

DECEMBER 17, 2021

The entire technology industry received a sizable lump of coal in their collective stocking earlier this week in the form of two major security vulnerabilities in a widely-used software tool. Here’s a quick breakdown of what it means for internet users. They quickly released a software patch to address the vulnerability.

Internet

Internet Internet System Administration Software

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.

Social Engineering

Social Engineering System Administration Authentication Internet

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

A software update in April caused problems in a number of distributions, such as Red Hat, Debian and Rocky. Linux is the operating system used by many key infrastructure and security facilities. It is a critical tool in various fields, including system administration, development, and cybersecurity. Why does it matter?

Internet

Internet Internet Risk Social Engineering

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

FEBRUARY 8, 2022

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. One important item to note this week is that Microsoft announced it will start blocking Internet macros by default in Office. Redmond has been steadily spooling out patches for this service ever since.

Authentication

Authentication Internet Internet System Administration

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

Highlights of what I learned: Coding level The continual monitoring and hardening of business software as it is being rapidly developed, tested and deployed in the field has become a foundational best practice. AppSec technology security-hardens software at the coding level. San Jose, Calif.-based

Software

Software Technology Mobile Cybersecurity

Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring

The Last Watchdog

AUGUST 5, 2024

Steady advances in software and hardware mechanisms to secure identities and privileged access have helped; yet crippling network breaches that start by fooling or spoofing a single human user continue to proliferate. . Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

System Administration

System Administration Passwords Encryption Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. SocksEscort[.]com

Malware

Malware VPN Internet Internet

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. It’s notable that open-source software vulnerabilities comprise just one of several paths ripe for malicious manipulation. Related: The exposures created by API profileration.

Firewall

Firewall Internet Internet Digital transformation

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

I had the chance to discuss these findings last week at Black Hat USA 2022, with John Shier, senior security advisor at Sophos, a next-generation cybersecurity leader with a broad portfolio of managed services, software and hardware offerings. Configure system administrative tools more wisely. I’ll keep watch and keep reporting.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Microsoft, supplier of the Windows operating system used ubiquitously in enterprise networks, recently disclosed that fully 70% of all security bugs pivot off what the software giant refers to as “memory safety issues.”. Thus, memory attacks unfold only when the application is executing, and then they disappear without a trace.

Hacking

Hacking Energy and Utilities System Administration Accountability

Top 8 trusted cybersecurity companies in the world

CyberSecurity Insiders

APRIL 10, 2022

As soon as the government of the United States announced a ban on Russian security software provided by Kaspersky, all the system administrators working across the world searched for the most trusted cybersecurity software companies in the world.

Cybersecurity

Cybersecurity Antivirus System Administration Threat Detection

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 “Experience in backup, increase privileges, mikicatz, network. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

MARCH 30, 2020

Agile software innovation is the order of the day. It’s a way to replace the clunky controls that were designed to cordon off certain zones of on-premises IT infrastructure with sleek, software-defined controls that are more fitting for the hybrid cloud networks that will take us forward. Wonderous digital services are the result.

Firewall

Firewall Marketing Digital transformation Cloud Migration

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

com — is different from the one I saw in late December, but it was hosted at the same Internet address as officesuited[.]com If you can’t or don’t want to do that, at least make sure you have security logging turned on so it’s generating an alert when people are introducing new software into your infrastructure.”

Phishing

Phishing Passwords Accountability Authentication

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

NEROWOLFE A search on the ICQ number 669316 at Intel 471 shows that in April 2011, a user by the name NeroWolfe joined the Russian cybercrime forum Zloy using the email address d.horoshev@gmail.com , and from an Internet address in Voronezh, RU. 2011 said he was a system administrator and C++ coder. “P.S. .

Ransomware

Ransomware Cybercrime Accountability Malware

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

” At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities.” The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, .

Ransomware

Ransomware System Administration Malware Authentication

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

The exploitation of this vulnerability could cause major problems on the Internet. million servers running RPCBIND on the Internet. RPCBIND is software that provides client programs with the information they need about server programs available on a network. The multiplication of this exploit in a 2.6

DDOS

DDOS Internet Internet System Administration

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

PKI is the authentication and encryption framework on which the Internet is built. It works by issuing digital certificates to verify the authenticity of the servers ingesting the data trickling in from our smartphones, Internet of Things sensors and the like. These apps, in turn, will make use of data stored in data lakes.

Encryption

Encryption Artificial Intelligence IoT Data collection

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

SC Magazine

JULY 7, 2021

The second vulnerability is caused by a third-party software component from Redis. If a user claims to have a given identity within the Vue platform, the Redis software does not prove or insufficiently proves the users’ claims are correct. The Redis component also holds the third 9.8 flaw, which is caused by improper authentication.

VPN

VPN Software System Administration Authentication

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The script init2 kills any previous versions of the miner software that might be running, and installs itself. Cashdollar explained that threat actors started scanning the Internet for Intel systems that would accept files over SSH port 22 to maximize their efforts. firefoxcatche (sic) doesn’t exist.

IoT

IoT Cryptocurrency Malware System Administration

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

Rising implementations of cloud services and IoT systems, not to mention the arrival of 5G, has quickened the pace of software development and multiplied data handling complexities. PowerShell is a command-line shell designed to make it convenient for system administrators to automate tasks and manage system configurations.

Big data

Big data Firewall Digital transformation Software

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Also read : Best Internet Security Suites & Software.

VPN

VPN Software Authentication Encryption

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

One of the most vulnerable areas that hackers use to infiltrate a company’s system is the network. The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems. Company systems require various software programs to function. Security Systems.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

Software developers face new threats from malicious code as their tools and processes have proven to be an effective and lucrative threat vector. Traditionally, software developers have protected themselves from malicious code like everyone else?—?by Early Internet. Malware, or code written for malicious purposes, is evolving.

Malware

Malware Software Ransomware Adware

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

To boost productivity, they must leverage cloud infrastructure and participate in agile software development. The software giant’s intent was to make it more convenient and efficient for system administrators to perform Windows upkeep. Related: How ‘PAM’ improves authentication.

Accountability

Accountability Passwords Hacking Cyber Risk

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Managed service providers (MSPs) have long relied on third-party software to manage clients’ IT infrastructure, but a massive ransomware attack launched over the weekend at customers of Kaseya will likely cause MSPs to take a harder look at the security of their IT suppliers. Establishing Standards for Secure Systems.

Ransomware

Ransomware Software B2B System Administration

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

script deploys a Monero miner and also a port scanning software, which will scan for other vulnerable Docker Engine installs. The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Run the script (auto.sh).

Engineering

Engineering Cryptocurrency System Administration Advertising

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

JULY 15, 2024

The majority of incidents involved malicious threat actors exploiting vulnerabilities in several software and systems. To reduce the risks caused by these vulnerabilities, affected users should apply patches, upgrade software, and strengthen security measures as soon as possible. Microsoft patched 143 vulnerabilities.

Authentication

Authentication Backups Software Risk

Thousands of RDM refrigeration systems exposed online are at risk

Security Affairs

FEBRUARY 10, 2019

“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” In many cases, the web interface can be accessed without authentication. ” reads the analysis published by Safety Detective.

Risk

Risk Passwords System Administration Advertising

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

SecureList

OCTOBER 13, 2022

In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system.

System Administration

System Administration Malware Passwords Internet

SolarWinds Detected Six Months Earlier

Security Boulevard

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Internet Internet

Update now! Microsoft patches two zero-days

Malwarebytes

SEPTEMBER 14, 2022

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. Only systems with the IPSec service running are vulnerable to this attack.

System Administration

System Administration Authentication Internet Internet

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators. Here, we’re simply observers and looking at the file managers that are open on the internet. In fact, anyone could easily change the files or even delete them.

Malware

Malware Hacking System Administration Ransomware

Vulnerability Management as a Service: Top VMaaS Providers

eSecurity Planet

OCTOBER 24, 2022

There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. VMaaS is a way to deliver these services via the cloud rather than downloading and running on-premises software. That process can be overwhelming. What is Vulnerability Management as a Service?

Software

Software Risk Healthcare Data breaches

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Many used browsers that they were accustomed to, not browsers of choice, or default browsers set by organizations, such as the Internet Explorer. Browsers, on the other hand, reported what versions of software and plugins they have automatically. Still, this change makes attacks and the infection process much harder.

Cybercrime

Cybercrime Banking Malware Ransomware

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Chinese hackers employed open-source tools for reconnaissance and vulnerability scanning, according to the government experts, they have utilized open-source router specific software frameworks, RouterSploit and RouterScan [ T1595.002 ], to identify vulnerable devices to target.

Telecommunications

Telecommunications Authentication Passwords Accountability

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Mitigations that would consist of restricting permissions for driver installations could be challenging because you have to modify Windows registry entries, so if it’s not executed correctly, you might damage the system. Also read: Best Patch Management Software. Protecting Against PrintNightmare, MFA Exploits. Network Best Practices.

VPN

VPN Accountability Authentication Passwords

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The gang leverages exposed remote administration services and internet-facing vulnerabilities to gain and maintain access to victim networks. Technical Details Makop ransomware operator arsenal is a hybrid one: it contains both cust-developed tools and off-the-shelf software taken from public repositories.

Ransomware

Ransomware Software Encryption System Administration

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

DDoS Mitigation Firm Founder Admits to DDoS

Trending Sources

SolarWinds Detected Six Months Earlier

Patch Tuesday, October 2024 Edition

‘Wormable’ Flaw Leads July Microsoft Patches

Log4J: What You Need to Know

Microsoft Patch Tuesday, June 2023 Edition

Story of the Year: global IT outages and supply chain attacks

Microsoft Patch Tuesday, February 2022 Edition

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring

Who and What is Behind the Malware Proxy Service SocksEscort?

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Top 8 trusted cybersecurity companies in the world

A Closer Look at the Snatch Data Ransom Group

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

Tricky Phish Angles for Persistence, Not Passwords

How Did Authorities Identify the Alleged Lockbit Boss?

StealthWorker botnet targets Synology NAS devices to drop ransomware

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

USBAnywhere BMC flaws expose Supermicro servers to hack

Addressing Remote Desktop Attacks and Security

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Malware Evolves to Present New Threats to Developers

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Kaseya Breach Underscores Vulnerability of IT Management Tools

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

Thousands of RDM refrigeration systems exposed online are at risk

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

SolarWinds Detected Six Months Earlier

Update now! Microsoft patches two zero-days

Nitrogen shelling malware from hacked sites

Vulnerability Management as a Service: Top VMaaS Providers

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

China-linked threat actors have breached telcos and network service providers

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Dissecting the malicious arsenal of the Makop ransomware gang

Stay Connected