2021, System Administration and VPN - Cyber Security Informer

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services. The new vulnerability (CVE-2021-22893) is a Remote Code Execution (RCE) vulnerability with a CVSS score of 10—the maximum—and a Critical rating. The new vulnerability. The post Take action!

VPN

VPN Authentication Malware System Administration

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

As remote desktop solutions are prevalent among IT and managed service providers (MSP), downstream clients can be at risk, as Kaseya experienced in 2021. In November 2021, an unauthorized third party called a Robinhood customer support employee and, through social engineering , gained access to the company’s customer support systems.

VPN

VPN Software Authentication Encryption

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability ( CVE-2021-34527 and CVE-2021-36958 ) to obtain administrator privileges. Inactive Accounts and Default Configurations.

VPN

VPN Accountability Authentication Passwords

Black Kingdom ransomware

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). March 2021. CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065.

Ransomware

Ransomware Encryption VPN System Administration

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

CNA’s network was compromised in March 2021. “With elevated privileges, the Threat Actor moved laterally within the environment to conduct reconnaissance and establish persistence onto certain systems within the environment. Data stolen but untouched.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. Threat actors can use WFP to escalate their privileges on Windows.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. Threat actors can use WFP to escalate their privileges on Windows.

VPN

VPN Authentication Mobile Firewall

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Enforce MFA on all VPN connections [ D3-MFA ]. Ensure that you have dedicated management systems [ D3-PH ] and accounts for system administrators. Disable unused or unnecessary network services, ports, protocols, and devices [ D3-ACH ] [ D3-ITF ] [ D3-OTF ]. Protect these accounts with strict network policies [ D3-UAP ].

Telecommunications

Telecommunications Authentication Passwords Accountability

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. VSA server breached. The breach mindset.

Ransomware

Ransomware Software B2B System Administration

DiceyF deploys GamePlayerFramework in online casino development studio

SecureList

OCTOBER 17, 2022

Malware distribution via an employee monitoring system and a security package deployment service. In November 2021, multiple PlugX loaders and payloads were detected in a network, which is often a wearisome topic to investigate. Retrieves various system information, namely: Local network IP addresses. 2021-11-10.

Malware

Malware Encryption Social Engineering System Administration

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines. The module also exfiltrates 2FA secrets from Twilio’s Authy local storage.

Malware

Malware Social Engineering Encryption Marketing

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

In another publication , Google also followed up on the activities of a similar vendor named Cytrox that had leveraged four 0-day vulnerabilities in a 2021 campaign. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company. The next WannaCry.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Who and What is Behind the Malware Proxy Service SocksEscort?

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Trending Sources

Addressing Remote Desktop Attacks and Security

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Black Kingdom ransomware

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

China-linked threat actors have breached telcos and network service providers

Kaseya Breach Underscores Vulnerability of IT Management Tools

DiceyF deploys GamePlayerFramework in online casino development studio

Updates from the MaaS: new threats delivered through NullMixer

Advanced threat predictions for 2023

Stay Connected