Security BSides Dublin 2021 – Jayme Hancock’s ‘Weaponizing Systems Administration: Leveraging IT Skills In Penetration Testing’

Security Boulevard


How a Systems Administrator Role Preps You for a Cybersecurity Career

CompTIA on Cybersecurity

IT Security Specialist Jason Hernandez believes systems administration is valuable experience for IT pros – especially for those interested in cybersecurity


A Comparison Guide to Network Administrator vs. Systems Administrator Roles

USD on Cyber Security

Computer systems and networks. Networks and systems. It’s true that some terms — for example, the job titles network administrator and systems administrator — are often used interchangeably. What’s the difference?

FBI warns of escalating Pysa ransomware attacks on education orgs

Bleeping Computer

The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions. […]

Yandex suffers data breach after sysadmin sold access to user emails

Bleeping Computer

Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. […]

Microsoft asks admins to patch PowerShell to fix WDAC bypass

Bleeping Computer

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials. […]

NSA shares guidance on securing voice, video communications

Bleeping Computer

The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. […]

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

The Hacker News

Florida-based software vendor Kaseya on Sunday rolled out software updates to address critical security vulnerabilities in its Virtual System Administrator (VSA) software, which was used as a jumping-off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain ransomware attack.

Boosting Security Effectiveness with 'Adjuvants'

Dark Reading

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program

Kaseya Ransomware Supply-Chain Attack: What We Know So Far

Digital Shadows

On 02 July 2021, details started to emerge of a sophisticated supply-chain attack targeting Kaseya VSA, virtual system administrator software.

Yandex Employee Caught Selling Access to Users' Email Inboxes

The Hacker News

Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The employee was one of three system administrators with the necessary access.

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

The Hacker News

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday.

NSA Urges SysAdmins to Replace Obsolete TLS Protocols

Threatpost

The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.

Kaseya Starts Recovery After REvil Attack

Security Boulevard

Kaseya is now reporting the software-as-a-service (SaaS) instance of its Virtual System Administrator (VSA) platform will be back online sometime between 4:00 p.m.

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

Russian internet and search company Yandex disclosed a data breach: a system administrator was selling access to thousands of user mailboxes. The employee was one of three system administrators with the necessary access rights to provide technical support for the service.

What Security Lessons Can Come From the Kaseya Ransomware Attack?

Security Boulevard

This year will be remembered as an annus horribilis for attacks against the software supply chain. One of the latest examples in this trend is a ransomware attack on Kaseya’s Virtual System Administrator (VSA) solution for remote monitoring and management (RMM).

Log4J: What You Need to Know

Adam Levin

Unfortunately, there isn’t much that can be done by laypersons; the Log4J vulnerability needs to be addressed and patched by server and system administrators.

Unified Endpoint Management Explained: (Why) Does Your Company Need One?

Heimdal Security

Gone are the days when a lone system administrator would perch upon the ledge of your desk to help you with menial tasks like connecting to the company’s wireless printer or installing a piece of software no one has heard about – totally understandable seeing how your average SMB has 700+ endpoints, each with its […].

Chinese Hackers Stole an NSA Windows Exploit in 2014

Schneier on Security

Here’s the timeline, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control.

Microsoft’s New Security Update Guides Get Mixed Reviews

Doctor Chaos

Microsoft is receiving mixed reviews for its shift to delivering security update information via its newly launched Security Update Guides. The change was official in April, with Microsoft explaining it would allow system administrators to effectively pair specific patches with vulnerabilities, and that the introduction of API support would help customers automate some aspects of patching.

What Is an Intrusion Prevention System – IPS? Definition and Benefits

Heimdal Security

The term IPS stands for Intrusion Prevention System and refers to a form of network security that aims to detect and prevent identified threats. An IPS continuously monitors a network, looking for possible malicious activity and gathering information about it.

September Patch Tuesday: 66 Bulletins, Only 3 Critical

Trend Micro

The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins.

Microsoft Patch Tuesday May 2021 fixes 55 vulnerabilities, including 3 zero-days

Security Boulevard

This month’s Patch Tuesday is here and the hustle is on. With most organizations embracing a distributed workforce these days, system administrators are bound to be up to their ears in work for the next two weeks, testing and figuring ….

Working BlueKeep Exploit Developed by DHS

Threatpost

The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.

How to use Zarp for penetration testing

Tech Republic Security

Network or systems administrators must conduct pen testing to discover any possible security weaknesses. Find out why Zarp is a very powerful pen-testing tool to have at your disposal.

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

CSO Magazine

Attacks started before ManageEngine issued a patch, so all customers are advised to check their systems for signs of exploitation using a special tool released by the developers.

Google Glitch Left Passwords Unprotected for 14 Years

Adam Levin

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. Google has begun contacting system administrators whose organizations would have been affected by the glitch to encourage them to change their passwords.

September 2021 Patch Tuesday comes with fixes for 86 vulnerabilities, including two zero-days

Security Boulevard

With system administrators eagerly waiting for a patch to CVE-2021-40444, this month’s Patch Tuesday comes with fixes for 86 vulnerabilities, including those previously released for Microsoft Edge, out of which three are classified as Critical and 56 as Important ….

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

Threatpost

Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. As of May 4, Ghost announced that it had successfully purged the cryptocurrency mining malware from its systems.

Exchange Week 2 – Ransomware Joins The Fray

Security Boulevard

Following exposure and publication of a major remote execution vulnerability like Exchange’s ProxyLogon (CVE-2021-26855), we expect other threat actors to join the race against system administrators trying to patch their systems.

Passwords Security: Past, Present, and Future

Security Boulevard

The recent report on The State Password Security in the Enterprise reveals several essential findings for system administrators and security professionals alike.

BlackByte Ransomware found exploiting ProxyShell vulnerabilities

CyberSecurity Insiders

Microsoft has issued a fix to a similar vulnerability in May this year by patching flaws that were being used by those launching LockFile Ransomware onto compromised systems.

44 vulnerabilities, including 3 zero-days, fixed in August 2021 Patch Tuesday

Security Boulevard

After last month’s PrintNightmare vulnerability, system admins are only just catching their breath, but this month’s Patch Tuesday is already here, so it’s back to hustling for IT teams. With most organizations embracing a distributed workforce, system administrators are bound ….

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. “We are continuing to do forensic analysis on the system and investigating what data is actually there.”

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. The U.S.

Latest on the SVR’s SolarWinds Hack

Schneier on Security

The New York Times has an in-depth article on the latest information about the SolarWinds hack (not a great name, since it’s much more far-reaching than that). Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R.

Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns

Security Affairs

The flaw is a command injection bug that could be exploited by attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. An attacker could exploit this vulnerability to take control of an affected system.”

Critical Microsoft Windows Vulnerability found

CyberSecurity Insiders

Microsoft Corporation is urging all Windows users including those using Win 7 and 8 operating systems to update their devices with the latest security patches.

Brute Force attack launched by Russia APT28 using Kubernetes

CyberSecurity Insiders

All these days we have seen instances where Kubernetes was used to automate the deployment of containerized applications. The group is then seen accessing the entire network through stolen credentials and sometimes exploiting vulnerabilities in targeted systems.


Career Choice Tip: Cybercrime is Mostly Boring

Krebs on Security

The researchers concluded that for many people involved, cybercrime amounts to little more than a boring office job sustaining the infrastructure on which these global markets rely, work that is little different in character from the activity of legitimate system administrators.

Hackers are targeting Soliton FileZen file-sharing servers

Security Affairs

The CVE-2021-20655 vulnerability could be exploited by a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The vendor recommended changing the system administrator account, resetting access control, and installing the latest available version.

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

KrebsOnSecurity exposed the co-administrators of vDOS and obtained a copy of the entire vDOS database, including its registered users and a record of the attacks those users had paid vDOS to launch on their behalf.
