Presentation and System Administration - Cyber Security Informer

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration

System Administration Engineering Internet Internet

Outlaw cybergang attacking targets worldwide

SecureList

APRIL 29, 2025

configrc5" , was created in the user’s home directory with the following structure: configrc5 directory structure Interestingly enough, one of the first execution steps is checking if other known miners are present on the machine using the script a / init0. Chain of commands used by the attackers to download and decompress dota.tar.gz

System Administration

System Administration Authentication Passwords Cryptocurrency

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

Kaspersky presented detailed technical analysis of this case in three parts. It is a critical tool in various fields, including system administration, development, and cybersecurity. Kaspersky products detect malicious objects related to the attack. Why does it matter?

Internet

Internet Internet Risk Social Engineering

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

SecureList

JULY 8, 2025

Analyzing extracted RACF DB information Our racfudit utility can present collected RACF DB information as an SQLite database or a plaintext file. Collecting password hashes One of the primary goals in penetration testing is to get a list of administrators and a way to authorize using their credentials.

Penetration Testing

Penetration Testing Passwords Encryption Authentication

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies.

Software

Software Ransomware System Administration Authentication

Malware Evolves to Present New Threats to Developers

Security Boulevard

FEBRUARY 10, 2022

Threat actors quickly realized the shared-responsibility model used by cloud services presented ample opportunities for exploitation. This technique lets attackers deliver malicious code to thousands of systems through a vector that security measures routinely ignore?—?a a trusted vendor.

Malware

Malware Software Ransomware Adware

Passwords Security: Past, Present, and Future

Security Boulevard

JULY 16, 2021

The recent report on The State Password Security in the Enterprise reveals several essential findings for system administrators and security professionals alike. The post Passwords Security: Past, Present, and Future appeared first on Enzoic. And third, due to the frequency of cyber-attacks involving.

Passwords

Passwords System Administration Cyber Attacks

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

SEPTEMBER 2, 2019

For many years, Dye was a system administrator for Optinrealbig , a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra. ” A slide from an ARIN presentation in 2016 that referenced Adconion.

Media

Media Government Marketing Internet

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

” At present, Synology PSIRT has seen no indication of the malware exploiting any software vulnerabilities.” The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, .

Ransomware

Ransomware System Administration Malware Authentication

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

What’s more, Tyler said the malicious app they tested was not visible as an add-in at the individual user level; only system administrators responsible for managing user accounts could see that the app had been approved.

Phishing

Phishing Passwords Accountability Authentication

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

com is no longer responding, but a cached copy of it from Archive.org shows that for about four years it included in its HTML source a Google Analytics code of US-2665744 , which was also present on more than a dozen other websites. md , and that they were a systems administrator for sscompany[.]net. com, such as abuseipdb[.]com

Malware

Malware VPN Internet Internet

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

“The attacker could present to the user a removable drive, or remote share, that contains a malicious.LNK file and an associated malicious binary,” reads the advisory published by Microsoft. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

System Administration

System Administration Advertising Internet Internet

Complicated Active Directory setups are undermining security

Malwarebytes

JUNE 24, 2021

The researchers have written a paper (pdf) about Active Directory Certificate Services (AD CS) to raise awareness for both attackers and defenders alike of the security issues surrounding this complex, widely deployed, and often misunderstood system. They will also present this material at BlackHat USA 2021. Offensive tools.

Authentication

Authentication System Administration Passwords

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Security Affairs

OCTOBER 3, 2023

Our investigation revealed that this remote endpoint is associated with criminal activities dating back to 2019, indicating that these hosts were likely under the control of the same technical administration. Example of a LockBit victim showing the “WIN-LIVFRVQFMKO” hostname.

Scams

Scams Ransomware System Administration Malware

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. Presented with the information gathered for this report (and more that is not published here), Mr. Tretyakov acknowledged that Semen7907 was his account on sysadmins[.]ru, Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

Caketap, a new Unix rootkit used to siphon ATM banking data

Security Affairs

MARCH 18, 2022

In order to identify CAKETAP running on a Solaris system, administrators can check for the presence of a hook installed in the ipcl_get_next_conn hook function. The actor uses their skill and experience to take full advantage of the decreased visibility and security measures that are often present in Unix and Linux environments.

Banking

Banking Telecommunications System Administration Hacking

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Security Affairs

OCTOBER 14, 2018

Alexey is a Russian-speaking cyber vigilante that decided to fix the MikroTik routers and he claims to be e system administrator. The experts at Tenable Research presented the technique on October 7 at DerbyCon 8.0

Cryptocurrency

Cryptocurrency System Administration Advertising Hacking

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

JANUARY 14, 2019

The concept was based on the root access that the accounts provided to IT and systems administrators, who used these power accounts to maintain the network and systems. Privileged accounts were typically shared, anonymous accounts that provided the user all-powerful access to the data and information systems on a network.

Accountability

Accountability Risk Technology System Administration

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. I'ill share detailed information about my presentation and vulnerabilities very soon! Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year.

System Administration

System Administration Passwords DNS Advertising

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

Its rather mundane function is to record events in a log for a system administrator to review and act upon, later. Left unpatched Log4Shell vulnerabilities present easy paths for a threat actor to take full control of the underlying system.

Firewall

Firewall Internet Internet Digital transformation

Five Eyes Intelligence agencies warn of popular hacking tools

Security Affairs

OCTOBER 12, 2018

To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.” Their widespread availability presents a challenge for network defense and threat-actor attribution.” Credential Stealer: Mimikatz.

Hacking

Hacking System Administration Advertising Engineering

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

One of the defining signatures of PerSwaysion is that it spreads like wildfire jumping from one victim to another while no malware is present on a user device during the attack. However, this is a specially crafted presentation page which abuses Sway default borderless view. PerSwaysion is a highly-targeted phishing campaign.

Phishing

Phishing Accountability Financial Services Cloud Migration

Managed or Unmanaged Device? Duo’s Device Trust Has You Covered

Duo's Security Blog

MAY 11, 2022

For example, users can access their email only from devices that have the latest version of Operating System and security patches installed, and host firewall is enabled. Duo’s Device Health application also collects unique device identifiers (UUIDs) to verify whether that the device is enrolled in the enterprise management system.

Firewall

Firewall VPN System Administration Encryption

What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us

IT Security Guru

APRIL 12, 2022

One slight misconfiguration or unsafeguarded user permission presents a possible attack vector. The use of legacy protocols such as POP or IMAP, make it difficult for system administrators to set up and activate MFA. The thing is that most organizations now have hundreds of SaaS apps.

CISO

CISO Passwords System Administration Marketing

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

. “Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users. Hackers could read, send or delete emails from any user. “ reports Radio-Canada.

Hacking

Hacking System Administration Advertising Accountability

Why we fail at getting the cybersecurity basics right, with Jess Dodson: Lock and Code S02E21

Malwarebytes

NOVEMBER 8, 2021

After poking around with the app on two separate devices, Moussouris discovered that she could easily eavesdrop on conversations without having her user icon present in a room. As our guest on today’s episode of Lock and Code explains, there are huge risks in failing to get these basics right. That is the risk.

Cybersecurity

Cybersecurity System Administration Ransomware Backups

New Paper: “Autonomic Security Operations?—?10X Transformation of the Security Operations Center”

Anton on Security

JULY 21, 2021

I’m pretty sure that Windows NT system administrators of the 1990s also did not want to become part of DevOps… Next, what about the other part of the SOC, namely the “C”? As you learn from our new paper on autonomic security operations , we are presenting this very vision of future security operations.

System Administration

System Administration Engineering CISO Technology

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

With the shortlist of widely exploited vulnerabilities, system administrators and security teams can quickly identify and patch key vulnerabilities to prevent malicious actors from exploiting the weaknesses. Most of these vulnerabilities have been around for years, but they are actively under attack. How to Use the CISA Catalog.

Ransomware

Ransomware Encryption Backups Accountability

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

eSecurity Planet

JULY 13, 2023

“This tool presents itself as a blackhat alternative to GPT models, designed specifically for malicious activities.” SlashNext conducted research on the use of generative AI tools by malicious actors in collaboration with Daniel Kelley, a former black hat computer hacker and expert on cybercriminal tactics.

Cybercrime

Cybercrime Phishing System Administration Marketing

US authorities charged Dridex gang members for stealing over $100 Million

Security Affairs

DECEMBER 7, 2019

For example, the indictment alleges that the Bugat malware allowed computer intruders to hijack a computer session and present a fake online banking webpage to trick a user into entering personal and financial information.”

Banking

Banking Malware Cybercrime Accountability

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Denying anything happened gives system administrators more time to identify and patch newly discovered vulnerabilities. Admitting publicly that a cyberattack effectively brought a multibillion-dollar business to a halt for the better part of a day would, first and foremost, have the potential to encourage further attacks.

Hacking

Hacking Data privacy Artificial Intelligence System Administration

DiceyF deploys GamePlayerFramework in online casino development studio

SecureList

OCTOBER 17, 2022

One of several presentations by our GReAT researchers included an interesting set of APT activity targeting online casino development and operations environments in Southeast Asia. A recorded video of the presentation is already online. Retrieves various system information, namely: Local network IP addresses. GetSystemInfo.

Malware

Malware Encryption Social Engineering System Administration

PrintNightmare 0-day can be used to take over Windows domain controllers

Malwarebytes

JULY 1, 2021

They were working on a presentation to be held at the Black Hat security conference. A different team of researchers had also found an RCE vulnerability in the Print Spooler service. They called theirs PrintNightmare and believed it was the same as CVE-2021-1675.

System Administration

System Administration Backups Marketing Engineering

ETWHash – “He who listens, shall receive”

LRQA Nettitude Labs

MAY 3, 2023

GitHub: [link] Microsoft ETW (Event Tracing for Windows) is a logging mechanism integrated into the Windows operating system that enables the generation of diagnostic and tracing messages by applications. The released POC code can be found here.

Authentication

Authentication System Administration Technology

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

The Security Ledger

MAY 16, 2024

Starting out on a help desk, Chris worked his way up to roles as a system administrator and network engineer, eventually taking the IT helm at a power provider with a portfolio of over 30 North American plants, including three nuclear facilities.

CSO

CSO Risk Energy and Utilities Social Engineering

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

SecureWorld News

JUNE 18, 2020

The page above reveals the bottom line of this report: "This wake-up call presents us with an opportunity to right longstanding imbalances and lapses, to reorient how we view risk, redacted.We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.".

Cybersecurity

Cybersecurity Authentication Government System Administration

Black Kingdom ransomware

SecureList

JUNE 17, 2021

The adversary behind Black Kingdom adapted parts of the code, adding features that were not originally presented in the builder, such as the hardcoded key or communication with the mega.io Notify your supervisors as soon as possible. Based on our telemetry we could see only a few hits by Black Kingdom in Italy and Japan.

Ransomware

Ransomware Encryption VPN System Administration

Topic-specific policy 2/11: physical and environmental security

Notice Bored

OCTOBER 12, 2021

For instance, electric valve and sluice gate controllers on a sewage treatment plant that are computerised and networked smart things are at risk from malware, hackers, inept system administration or configuration errors, software design flaws and programming bugs, mechanical problems, power glitches and more.

Manufacturing

Manufacturing Risk System Administration Information Security

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

Recent years presented a torrent of research showing how vulnerable RDP systems are for organizations not taking additional cybersecurity precautions. A few days later, IT systems started malfunctioning with ransom messages following.

VPN

VPN Software Authentication Encryption

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Compared to Broken Access Control, Sensitive Data Exposure contained a greater number of low-risk vulnerabilities, but high-risk ones were present as well. During one of the projects, an SQL injection into an application that was open to signup by any internet user let us obtain the credentials of an internal system administrator.

Passwords

Passwords Authentication Architecture Risk

What Are the Best Cybersecurity Certifications in 2023?

SecureWorld News

JUNE 12, 2023

As well as knowledge sharing, this network can present new opportunities in terms of career advancement, collaborations, and partnerships. Professional networking When completing a certification, you will be given the opportunity to meet other people working in the industry, helping you develop an invaluable professional network.

Cybersecurity

Cybersecurity Cyber threats Marketing Threat Detection

SPOTLIGHT: Women in Cybersecurity

McAfee

NOVEMBER 3, 2020

There are new and expanding opportunities for women’s participation in cybersecurity globally as women are present in greater numbers in leadership. Elizabeth got her start in technology with Metropolitan Regional Information Systems (MRIS), the nation’s largest Multiple Listing Service (MLS) and real estate information provider.

Cybersecurity

Cybersecurity Architecture Cloud Migration Risk

Most Common SSH Vulnerabilities & How to Avoid Them

Security Boulevard

DECEMBER 2, 2022

In most organization system administrators can disable or change most or all SSH configurations; these settings and configurations can significantly increase or reduce SSH security risks. When a Secure Shell client logs into a server for the first time, the server presents this ‘host key’ and essentially says “hi, this is me.

Risk

Risk Authentication Passwords Accountability

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

JULY 15, 2024

This vulnerability allows attackers to launch pipeline jobs as any user, presenting major risks from unauthorized code execution. System administrators should promptly update to the most recent version (4.98). The problem: CVE-2024-6385 (CVSS score: 9.6) to 17.1.2). While no active exploitation has been confirmed, more than 1.5

Authentication

Authentication Backups Risk Software

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Outlaw cybergang attacking targets worldwide

Trending Sources

Story of the Year: global IT outages and supply chain attacks

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Malware Evolves to Present New Threats to Developers

Passwords Security: Past, Present, and Future

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

StealthWorker botnet targets Synology NAS devices to drop ransomware

Tricky Phish Angles for Persistence, Not Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Complicated Active Directory setups are undermining security

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

A Closer Look at the Snatch Data Ransom Group

Caketap, a new Unix rootkit used to siphon ATM banking data

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

Backdoored Webmin versions were available for download for over a year

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Five Eyes Intelligence agencies warn of popular hacking tools

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Managed or Unmanaged Device? Duo’s Device Trust Has You Covered

What Real-Life SaaS Attack Misconfiguration Exploits Can Teach Us

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Why we fail at getting the cybersecurity basics right, with Jess Dodson: Lock and Code S02E21

New Paper: “Autonomic Security Operations?—?10X Transformation of the Security Operations Center”

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Black Hat AI Tools Fuel Rise in Business Email Compromise (BEC) Attacks

US authorities charged Dridex gang members for stealing over $100 Million

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

DiceyF deploys GamePlayerFramework in online casino development studio

PrintNightmare 0-day can be used to take over Windows domain controllers

ETWHash – “He who listens, shall receive”

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

10 Unbelievable Ways the CIA Is Failing at Cybersecurity

Black Kingdom ransomware

Topic-specific policy 2/11: physical and environmental security

Addressing Remote Desktop Attacks and Security

Top 10 web application vulnerabilities in 2021–2023

What Are the Best Cybersecurity Certifications in 2023?

SPOTLIGHT: Women in Cybersecurity

Most Common SSH Vulnerabilities & How to Avoid Them

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

Stay Connected