Internet, Software and System Administration

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

If that wasn’t bad enough, the attack surface companies must defend is expanding inwardly, as well – as software tampering at a deep level escalates. This now includes paying much closer attention to the elite threat actors who are moving inwardly to carve out fresh vectors taking them deep inside software coding. Obfuscated tampering.

Software

Software Internet Internet System Administration

SolarWinds Detected Six Months Earlier

Schneier on Security

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Engineering Internet

Log4J: What You Need to Know

Adam Levin

DECEMBER 17, 2021

The entire technology industry received a sizable lump of coal in their collective stocking earlier this week in the form of two major security vulnerabilities in a widely-used software tool. Here’s a quick breakdown of what it means for internet users. They quickly released a software patch to address the vulnerability.

Internet

Internet Internet System Administration Software

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.

Social Engineering

Social Engineering System Administration Authentication Internet

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors.

DDOS

DDOS System Administration Internet Internet

Top 8 trusted cybersecurity companies in the world

CyberSecurity Insiders

APRIL 10, 2022

As soon as the government of the United States announced a ban on Russian security software provided by Kaspersky, all the system administrators working across the world searched for the most trusted cybersecurity software companies in the world.

Cybersecurity

Cybersecurity Antivirus System Administration Threat Detection

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. SocksEscort[.]com

Malware

Malware VPN Internet Internet

SolarWinds Detected Six Months Earlier

Security Boulevard

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Internet Internet

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

JULY 14, 2020

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon.

DNS

DNS Backups System Administration Software

Microsoft Patch Tuesday, February 2022 Edition

Krebs on Security

FEBRUARY 8, 2022

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. One important item to note this week is that Microsoft announced it will start blocking Internet macros by default in Office. Redmond has been steadily spooling out patches for this service ever since.

Authentication

Authentication Internet Internet System Administration

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

I had the chance to discuss these findings last week at Black Hat USA 2022, with John Shier, senior security advisor at Sophos, a next-generation cybersecurity leader with a broad portfolio of managed services, software and hardware offerings. Configure system administrative tools more wisely. I’ll keep watch and keep reporting.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. It’s notable that open-source software vulnerabilities comprise just one of several paths ripe for malicious manipulation. Related: The exposures created by API profileration.

Firewall

Firewall Digital transformation Internet Internet

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

One of the most vulnerable areas that hackers use to infiltrate a company’s system is the network. The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems. Company systems require various software programs to function. Security Systems.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

Software developers face new threats from malicious code as their tools and processes have proven to be an effective and lucrative threat vector. Traditionally, software developers have protected themselves from malicious code like everyone else?—?by Early Internet. Malware, or code written for malicious purposes, is evolving.

Malware

Malware Software Ransomware Adware

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

” At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities.” The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, .

Ransomware

Ransomware System Administration Malware Authentication

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 “Experience in backup, increase privileges, mikicatz, network. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

SC Magazine

JULY 7, 2021

The second vulnerability is caused by a third-party software component from Redis. If a user claims to have a given identity within the Vue platform, the Redis software does not prove or insufficiently proves the users’ claims are correct. The Redis component also holds the third 9.8 flaw, which is caused by improper authentication.

VPN

VPN Software System Administration Authentication

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators. Here, we’re simply observers and looking at the file managers that are open on the internet. In fact, anyone could easily change the files or even delete them.

Malware

Malware Hacking System Administration Ransomware

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Microsoft, supplier of the Windows operating system used ubiquitously in enterprise networks, recently disclosed that fully 70% of all security bugs pivot off what the software giant refers to as “memory safety issues.”. Thus, memory attacks unfold only when the application is executing, and then they disappear without a trace.

Hacking

Hacking Energy and Utilities System Administration Accountability

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

The exploitation of this vulnerability could cause major problems on the Internet. million servers running RPCBIND on the Internet. RPCBIND is software that provides client programs with the information they need about server programs available on a network. The multiplication of this exploit in a 2.6

DDOS

DDOS Internet Internet System Administration

Update now! Microsoft patches two zero-days

Malwarebytes

SEPTEMBER 14, 2022

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. Only systems with the IPSec service running are vulnerable to this attack.

System Administration

System Administration Authentication Internet Internet

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. Keep operating system patches up-to-date. Restrict users’ ability (permissions) to install and run unwanted software applications.

Malware

Malware Government Passwords System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Chinese hackers employed open-source tools for reconnaissance and vulnerability scanning, according to the government experts, they have utilized open-source router specific software frameworks, RouterSploit and RouterScan [ T1595.002 ], to identify vulnerable devices to target.

Telecommunications

Telecommunications Authentication Passwords Accountability

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The gang leverages exposed remote administration services and internet-facing vulnerabilities to gain and maintain access to victim networks. Technical Details Makop ransomware operator arsenal is a hybrid one: it contains both cust-developed tools and off-the-shelf software taken from public repositories.

Ransomware

Ransomware Software System Administration Encryption

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

The script init2 kills any previous versions of the miner software that might be running, and installs itself. Cashdollar explained that threat actors started scanning the Internet for Intel systems that would accept files over SSH port 22 to maximize their efforts. firefoxcatche (sic) doesn’t exist.

IoT

IoT Cryptocurrency Malware System Administration

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

PKI is the authentication and encryption framework on which the Internet is built. It works by issuing digital certificates to verify the authenticity of the servers ingesting the data trickling in from our smartphones, Internet of Things sensors and the like. These apps, in turn, will make use of data stored in data lakes.

Encryption

Encryption Artificial Intelligence IoT Data collection

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

SecureList

OCTOBER 13, 2022

In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). This creates a large attack surface where any software relying on cpio might in theory be leveraged to take over the system.

System Administration

System Administration Malware Passwords Internet

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Mitigations that would consist of restricting permissions for driver installations could be challenging because you have to modify Windows registry entries, so if it’s not executed correctly, you might damage the system. Also read: Best Patch Management Software. Protecting Against PrintNightmare, MFA Exploits. Network Best Practices.

VPN

VPN Accountability Authentication Passwords

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

Rising implementations of cloud services and IoT systems, not to mention the arrival of 5G, has quickened the pace of software development and multiplied data handling complexities. PowerShell is a command-line shell designed to make it convenient for system administrators to automate tasks and manage system configurations.

Big data

Big data Firewall Digital transformation Software

What is Cybersecurity?

SiteLock

AUGUST 27, 2021

Dictionary.com defines it as: precautions taken to guard against crime that involves the internet, especially unauthorized access to computer systems and data connected to the internet. As the name implies, website security protects a website from cyber threats on the internet. However, there is much more to it than that.

Cybersecurity

Cybersecurity Malware VPN Network Security

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

script deploys a Monero miner and also a port scanning software, which will scan for other vulnerable Docker Engine installs. The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Run the script (auto.sh).

Engineering

Engineering Cryptocurrency System Administration Advertising

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

To boost productivity, they must leverage cloud infrastructure and participate in agile software development. The software giant’s intent was to make it more convenient and efficient for system administrators to perform Windows upkeep. Related: How ‘PAM’ improves authentication.

Accountability

Accountability Passwords Hacking Cyber Risk

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Many used browsers that they were accustomed to, not browsers of choice, or default browsers set by organizations, such as the Internet Explorer. Browsers, on the other hand, reported what versions of software and plugins they have automatically. Still, this change makes attacks and the infection process much harder.

Cybercrime

Cybercrime Banking Malware Ransomware

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

com — is different from the one I saw in late December, but it was hosted at the same Internet address as officesuited[.]com If you can’t or don’t want to do that, at least make sure you have security logging turned on so it’s generating an alert when people are introducing new software into your infrastructure.”

Phishing

Phishing Passwords Accountability Authentication

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. Clearly, traditional firewalls and antivirus systems will not be sufficient; the complex IIoT infrastructure demands something more advanced.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

During one of the projects, an SQL injection into an application that was open to signup by any internet user let us obtain the credentials of an internal system administrator. Mitigation: take regular inventories of software components you use, and update as required. Disable any unused components.

Passwords

Passwords Authentication Architecture Risk

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

Between January and August 2020, unidentified actors used aggregation software to link actor-controlled accounts to client accounts belonging to the same institution, resulting in more than $3.5 Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking

Banking Passwords Accountability DDOS

PrintNightmare 0-day can be used to take over Windows domain controllers

Malwarebytes

JULY 1, 2021

As a Domain Admin they could then act almost with impunity, spreading ransomware, deleting backups and even disabling security software. For the systems that do need the Print Spooler service to be running make sure they are not exposed to the internet. Mitigation.

System Administration

System Administration Backups Marketing Engineering

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

The Last Watchdog

MARCH 13, 2019

Granted, a high percentage of malicious software circulating in the wild is successfully filtered by advanced antivirus suites or gets detonated in sandboxes before they can do harm. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Effective attacks.

Malware

Malware CSO System Administration Financial Services

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

IT Security Guru

JANUARY 12, 2021

Secure Software Development. IoT (Internet of Things) Security. System Administrator (or, sysadmin). Here’s a brief overlook of the kind of specializations you can earn if you decide to take a plunge into cybersecurity: Penetration testing (or, pentesting). Secure DevOps. Web/Mobile Application security.

Cybersecurity

Cybersecurity Government IoT Penetration Testing

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Still, in the wrong hands, RDP attacks and vulnerabilities related to remote desktop software are a severe threat. Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. Also read : Best Internet Security Suites & Software.

VPN

VPN Software Authentication Encryption

How to Perform a Vulnerability Scan in 10 Steps

eSecurity Planet

JULY 20, 2023

To accurately detect products and associated vulnerabilities, a full system scan should be done beforehand. This thorough scan with a comprehensive configuration helps in the identification of the software and services operating on the systems, which is critical for successful CVE scanning.

Authentication

Authentication Penetration Testing Risk Software

Vulnerability Management as a Service: Top VMaaS Providers

eSecurity Planet

OCTOBER 24, 2022

There are 20,000 or more new software and hardware vulnerabilities every year, yet only a few hundred might be actively exploited. VMaaS is a way to deliver these services via the cloud rather than downloading and running on-premises software. That process can be overwhelming. What is Vulnerability Management as a Service?

Software

Software Risk Healthcare Artificial Intelligence

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

SolarWinds Detected Six Months Earlier

Trending Sources

Log4J: What You Need to Know

Microsoft Patch Tuesday, June 2023 Edition

DDoS Mitigation Firm Founder Admits to DDoS

Top 8 trusted cybersecurity companies in the world

Who and What is Behind the Malware Proxy Service SocksEscort?

SolarWinds Detected Six Months Earlier

‘Wormable’ Flaw Leads July Microsoft Patches

Microsoft Patch Tuesday, February 2022 Edition

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Malware Evolves to Present New Threats to Developers

StealthWorker botnet targets Synology NAS devices to drop ransomware

A Closer Look at the Snatch Data Ransom Group

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

Nitrogen shelling malware from hacked sites

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Update now! Microsoft patches two zero-days

US govt agencies share details of the China-linked espionage malware Taidoor

China-linked threat actors have breached telcos and network service providers

Dissecting the malicious arsenal of the Makop ransomware gang

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

USBAnywhere BMC flaws expose Supermicro servers to hack

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

What is Cybersecurity?

Crooks continue to abuse exposed Docker APIs for Cryptojacking

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

Tricky Phish Angles for Persistence, Not Passwords

Machine Identities are Essential for Securing Smart Manufacturing

Top 10 web application vulnerabilities in 2021–2023

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

PrintNightmare 0-day can be used to take over Windows domain controllers

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

Addressing Remote Desktop Attacks and Security

How to Perform a Vulnerability Scan in 10 Steps

Vulnerability Management as a Service: Top VMaaS Providers

Stay Connected