Passwords and System Administration - Cyber Security Informer

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

MAY 24, 2019

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Passwords

Passwords System Administration Encryption

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. I look at this and think, would I be more likely to type my password into a box or more likely to click a button that says ‘okay’?”

Phishing

Phishing Passwords Accountability Authentication

Passwords Security: Past, Present, and Future

Security Boulevard

JULY 16, 2021

The recent report on The State Password Security in the Enterprise reveals several essential findings for system administrators and security professionals alike. First, whether we are happy about it or not, passwords are going to be around for a long time. And third, due to the frequency of cyber-attacks involving.

Passwords

Passwords System Administration Cyber Attacks

Years of Research Reveals Holy Grail of Password Strength

SecureWorld News

NOVEMBER 5, 2020

When it comes to passwords, where is the holy grail that will miraculously maximize security and usability at the same time? Password best practices: 10 years of research. Password best practices: 10 years of research. And during the decade of research, it wasn't just passwords that changed; it was the people, too. "We

Passwords

Passwords System Administration Accountability

Microsoft Pushes MFA Adoption Via Conditional Policies

Security Boulevard

NOVEMBER 7, 2023

Microsoft is taking another step in its aggressive campaign to get enterprises to adopt multifactor authentication (MFA) by rolling out Conditional Access policies requiring the tool for system administrator access into Entra and other cloud environments.

System Administration

System Administration Authentication Passwords Mobile

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. Russian search engine and internet provider Yandex discloses a data breach, the company revealed that one of its system administrators was caught selling access to 4,887 user email accounts.

System Administration

System Administration Data breaches Accountability Passwords

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

A brute force attack is a cyber attack where the attacker attempts to gain unauthorized access to a system or data by systematically trying every possible combination of passwords or keys. There are many already leaked password lists that are commonly used, and they grow after every breach. What is a Brute Force Attack?

Cybersecurity

Cybersecurity Passwords VPN Authentication

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

MAY 5, 2020

. “The mining attempt… quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “[t]here is no direct evidence that private customer data, passwords or other information has been compromised. .

Cryptocurrency

Cryptocurrency Hacking System Administration Passwords

Cyber Threat warning issued to all internet connected UPS devices

CyberSecurity Insiders

APRIL 1, 2022

Such devices are now on the verge of being targeted by cyber attacks, says Cybersecurity and Infrastructure Security Agency (CISA) of America, especially those that are being operated with the default username and passwords. Their default passwords offered by the manufacturer should be changed to something tricky, say experts. .

Cyber threats

Cyber threats Internet Internet Energy and Utilities

Researcher compromised the Toyota Supplier Management Network

Security Affairs

FEBRUARY 8, 2023

A user can usually get a JWT after logging into a website using his email and password The analysis of the GSPIMS app allowed the researcher to discover a function named “GenerataJWT” that allows to generate a JWT based on a provided valid email address without providing any password. ” concludes the expert.

System Administration

System Administration Accountability Passwords Hacking

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Distribution of Sensitive Data Exposure vulnerabilities by risk level, 2021–2023 ( download ) Among the sensitive data we identified during our analysis were plaintext one-time passwords and credentials, full paths to web application publish directories and other internal information that could be used to understand the application architecture.

Passwords

Passwords Authentication Architecture Risk

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

Hot for Security

FEBRUARY 10, 2021

The FBI alert, obtained by ZDNet , draws attention to out-of-date Windows 7 systems, poor passwords, and desktop sharing software TeamViewer. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.”. .

Hacking

Hacking Social Engineering System Administration Passwords

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs.” Windows 10).

Passwords

Passwords Social Engineering Software System Administration

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya , Miami-based company whose products help system administrators manage large networks remotely. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too).

Ransomware

Ransomware Cybercrime System Administration Passwords

Brute Force attack launched by Russia APT28 using Kubernetes

CyberSecurity Insiders

JULY 2, 2021

It is found hacking databases through brute force attacks or password spray via TOR and VPN servers. And then is seen accessing the entire network through stolen credentials and sometimes exploiting vulnerabilities in targeting systems.

System Administration

System Administration VPN Manufacturing Authentication

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

Major vulnerabilities left unpatched, as well as weakly configured system administration tools are sure to get discovered and manipulated, not just once, but many times over. LockBit went in first and exfiltrated data and passwords, and then used PsExe to distribute their ransomware payload.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies.

Software

Software Ransomware System Administration Authentication

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

According to Tenable, the remote authentication-bypass vulnerability is tied to an issue related to how HPE handles password resets for administrator accounts. The password change is carried out by sending a request to URL /redfish/v1/SessionService/ResetPassword/1. This allows the attacker to SSH to the EIM host as root.”.

Authentication

Authentication Passwords Accountability System Administration

Microsoft provides more mitigation instructions for the PetitPotam attack

Malwarebytes

JULY 29, 2021

The attack could force remote Windows systems to reveal password hashes that could then be easily cracked. Microsoft quickly sent out an advisory for system administrators to stop using the now deprecated Windows NT LAN Manager (NTLM) to thwart an attack. The authentication process does not require the plaintext password.

Authentication

Authentication Passwords Encryption System Administration

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

The Last Watchdog

APRIL 6, 2021

Privileged accounts assigned special logon credentials to system administrators in charge of onboarding and off boarding users, updating and fixing IT systems and carrying out other network-wide tasks. In point of fact, refocusing on basic PAM hygiene can make a profound impact in today’s operating environment.

Accountability

Accountability Passwords Digital transformation Authentication

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software

Software System Administration Advertising Accountability

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

The software giant’s intent was to make it more convenient and efficient for system administrators to perform Windows upkeep. RDC emerged as a go-to productivity tool, and similar controls swiftly emerged for Macs, IoS, Android and other operating systems in wide use. Password concierge.

Accountability

Accountability Passwords Hacking Cyber Risk

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

MAY 17, 2023

Remote Desktop Vulnerabilities: Cybercriminals can gain administrative access to an endpoint/server using a Remote Desktop Protocol (RDP) service, using a brute-force method trying to guess passwords, or by using stolen credentials purchased on the Dark Web. MFA for CTE is available for the Windows platform.

Ransomware

Ransomware Encryption Authentication System Administration

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA. Compare this to climbing the hill of Windows Logon, VPN logon, and web application logon - all with username, password, and Duo prompt - just to get to work in the morning.

Authentication

Authentication VPN System Administration Engineering

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Despite VMware’s three-year-old deprecation statement, unprotected systems remain at risk.

Risk

Risk Authentication System Administration Ransomware

Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

MAY 29, 2020

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

Cybercrime

Cybercrime System Administration Marketing Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. md , and that they were a systems administrator for sscompany[.]net. co and a VPN provider called HideIPVPN[.]com.

Malware

Malware VPN Internet Internet

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. Keep operating system patches up-to-date. If these services are required, use strong passwords or Active Directory authentication.

Malware

Malware Government Passwords System Administration

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. The flaw affects the procedure for changing expired passwords, the backdoor could be exploited by a remote attacker to execute malicious commands with root privileges on the machine running vulnerable Webmin.

Passwords

Passwords System Administration Advertising DNS

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability ( CVE-2021-34527 and CVE-2021-36958 ) to obtain administrator privileges. Require all accounts with password logins (e.g.,

VPN

VPN Accountability Authentication Passwords

9 Best Penetration Testing Tools for 2022

eSecurity Planet

FEBRUARY 24, 2022

Best Password Crackers. Password cracking consists of retrieving passwords stored in computer systems. System administrators and security teams (and hackers) can use them to spot weak passwords. The software combines various techniques to crack passwords. Useful links. John the Ripper.

Penetration Testing

Penetration Testing Wireless Passwords Social Engineering

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Duo's Security Blog

APRIL 6, 2022

One common hurdle for systems administrators setting up new Duo Unix integrations is PAM — Pluggable Authentication Modules. We hope that the guidance below, combined with our extensive documentation , will help those setting up new integrations get their systems configured quickly and easily. Other Flags.

Authentication

Authentication Passwords Backups System Administration

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

SC Magazine

JULY 7, 2021

Further, the Redis server operates on a remote host but is not protected by password authentication. is caused by the Vue platform’s use of cryptographic keys or passwords beyond the established expiration date, “which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.”.

VPN

VPN Software System Administration Authentication

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

SecureWorld News

SEPTEMBER 15, 2020

According to a 2020 case study on one of the firms, security researchers identified more than 1,500 email addresses and 6,000 passwords exposed in more than 80 data breaches. Some of the credentials belonged to company leadership, system administrators, and other employees with privileged access.".

Banking

Banking Passwords Accountability DDOS

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

The accused, 36-year-old John “Armada” Revesz , has maintained that Orcus is a legitimate “ R emote A dministration T ool” aimed at helping system administrators remotely manage their computers, and that he’s not responsible for how licensed customers use his product. An advertisement for Orcus RAT.

Malware

Malware Advertising Marketing System Administration

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

If the NAS is exposed to the Internet the dashboard will display the message “The System Administration service can be directly accessible from an external IP address via the following protocols: HTTP.”. Administrator of devices exposed to the Internet should: Disable the Port Forwarding function of the router.

Internet

Internet Internet Ransomware Encryption

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

VNC is a desktop sharing system – you can use it to remotely access your work computer from home or any other location, or allow technical support staff to do likewise. Ideally, VNC should be used only with authenticated users, such as system administrators.

Authentication

Authentication Cyber Attacks System Administration Internet

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

They will often describe potential “legitimate” uses for their malware – only to further describe anti-malware evasion properties, silent installation and operation or features such as cryptocurrency mining, password theft or disabling webcam lights.” ” reads the post published by Palo Alto Networks.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS System Administration Advertising DNS

A bug is about to confuse a lot of computers by turning back time 20 years

Malwarebytes

OCTOBER 22, 2021

Various businesses and organizations rely on these systems. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems.

Authentication

Authentication System Administration Firmware Passwords

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

SecureList

OCTOBER 13, 2022

In addition, manual mitigation steps can be undertaken by system administrators to prevent successful exploitation (see below). Performing disinfection on Zimbra is extremely difficult, as the attacker will have had access to configuration files containing passwords used by various service accounts.

System Administration

System Administration Malware Passwords Internet

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

It’s designed for incident handlers, incident handling team leads, system administrators, security practitioners, and security architects. The GCIH certification validates your ability to detect and resolve computer security incidents using a wide range of essential security skills.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

A baseboard management controller (BMC) is a specialized service processor that monitors the physical state of a computer, network server or other hardware device using sensors and communicating with the system administrator through an independent connection. ” continues the analysis. ” concludes Eclypsium.

Hacking

Hacking Firmware Media Authentication

Google Glitch Left Passwords Unprotected for 14 Years

Tricky Phish Angles for Persistence, Not Passwords

Trending Sources

Passwords Security: Past, Present, and Future

Years of Research Reveals Holy Grail of Password Strength

Microsoft Pushes MFA Adoption Via Conditional Policies

Yandex security team caught admin selling access to users’ inboxes

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Cyber Threat warning issued to all internet connected UPS devices

Researcher compromised the Toyota Supplier Management Network

Top 10 web application vulnerabilities in 2021–2023

FBI Issues Private Industry Notification in Light of Florida Water Plant Hack

FBI’s alert warns about using Windows 7 and TeamViewer

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Brute Force attack launched by Russia APT28 using Kubernetes

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Microsoft provides more mitigation instructions for the PetitPotam attack

MY TAKE: How SMBs can improve security via ‘privileged access management’ (PAM) basics

Cisco fixes a static default credential issue in Smart Software Manager tool

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Ransomware – Stop’em Before They Wreak Havoc

China-linked threat actors have breached telcos and network service providers

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

Career Choice Tip: Cybercrime is Mostly Boring

Who and What is Behind the Malware Proxy Service SocksEscort?

US govt agencies share details of the China-linked espionage malware Taidoor

Backdoored Webmin versions were available for download for over a year

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

9 Best Penetration Testing Tools for 2022

What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

Critical vulnerabilities in Philips Vue PACS devices could allow remote takeover

FBI: Credential Stuffing Leads to Millions in Fraudulent Transfers

Orcus RAT Author Charged in Malware Scheme

How to secure QNAP NAS devices? The vendor’s instructions

Hacker breaches key Russian ministry in blink of an eye

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Roboto, a new P2P botnet targets Linux Webmin servers

A bug is about to confuse a lot of computers by turning back time 20 years

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

15 Top Cybersecurity Certifications for 2022

USBAnywhere BMC flaws expose Supermicro servers to hack

Stay Connected