SecureWorld News

JUNE 12, 2023

This article will provide an overview of the best cybersecurity certifications in 2023 and where you can sign up for them. The 5 best cybersecurity certifications in 2023 This section will cover the five best cybersecurity certifications you can complete in 2023. Why are cybersecurity certifications important?

Cybersecurity 90

Cybersecurity Cyber threats Marketing Threat Detection 90

Security Affairs

SEPTEMBER 23, 2023

The City of Dallas revealed that the Royal ransomware gang that hit the city system in May used a stolen account. In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. To prevent the threat from spreading within the network, the City shut down the impacted IT systems.

Ransomware 133

Ransomware Surveillance Healthcare Accountability 133

Security Boulevard

JUNE 13, 2023

This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.

System Administration 52

System Administration Software 52

SecureList

FEBRUARY 26, 2025

Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. The share of vulnerabilities labeled as critical was slightly higher than in Q4 2023. lower than in 2023.

Software 59

Software Authentication System Administration Malware 59

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. “The command requires Windows system administrators,” Truniger’s ads explained. “Experience in backup, increase privileges, mikicatz, network. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware 278

Ransomware Accountability Cybercrime Backups 278

Security Affairs

AUGUST 16, 2023

A threat actor has compromised roughly 2,000 Citrix NetScaler servers exploiting a remote code execution tracked as CVE-2023-3519. Exploits of CVE-2023-3519 on unmitigated appliances have been observed. At the time of writing, approximately 69% of the NetScalers that contain a backdoor are not vulnerable anymore to CVE-2023-3519.

System Administration 98

System Administration VPN Software Hacking 98

Security Affairs

OCTOBER 3, 2023

Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary We investigated a recent LockBit extortion incident that occurred in Q3 2023, which involved an unusual FTP server located in Moscow.

Scams 144

Scams Ransomware System Administration Malware 144

Security Affairs

APRIL 30, 2023

CERT-UA observed the campaign in April 2023, the malicious e-mails with the subject “Windows Update” were crafted to appear as sent by system administrators of departments of multiple government bodies. The threat actors sent the messages from e-mail addresses created on the public service “@outlook.com.”

System Administration 98

System Administration Government Phishing Malware 98

SecureList

DECEMBER 9, 2024

In 2023, cyberattacks using trusted relationships had already become one of the top three most common vectors , with this trend gaining new momentum in 2024. It is a critical tool in various fields, including system administration, development, and cybersecurity.

Internet 111

Internet Internet Risk Social Engineering 111

Security Affairs

MAY 21, 2023

In February 2023, eSentire reported another BatLoader campaign targeting users searching for AI tools. The experts also detailed a separate case, that was observed on May 2023, using a similar infection scheme to advertise a rogue page for Midjourney. “Generative AI technologies and chatbots have exploded in popularity in 2023.

System Administration 98

System Administration Advertising Malware Hacking 98

Penetration Testing

JANUARY 2, 2024

PandoraFMS serves as a central hub for systems administrators to monitor and manage the... The post PandoraFMS Enterprise: Unveiling 18 High-Risk Network Vulnerabilities appeared first on Penetration Testing. NCC Group’s security researchers unearthed 18 vulnerabilities in PandoraFMS Enterprise v7.0NG.767,

Penetration Testing 84

Penetration Testing Risk System Administration 84

Fox IT

AUGUST 15, 2023

An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing webshells on vulnerable NetScalers to gain persistent access. At the time of this exploitation campaign, 31127 NetScalers were vulnerable to CVE-2023-3519. Of the backdoored NetScalers, 1248 are patched for CVE-2023-3519.

Internet 94

Internet Internet System Administration 94

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt.

Ransomware 127

Ransomware Encryption Authentication System Administration 127

eSecurity Planet

JUNE 21, 2022

It’s designed for incident handlers, incident handling team leads, system administrators, security practitioners, and security architects. While registration has closed for 2022, it’s likely to be offered again in 2023. As of mid-2022, pricing for the exam, including two practice tests, is $949. GSE (GIAC Security Expert).

Cybersecurity 120

Cybersecurity Penetration Testing System Administration Cyber Attacks 120

Malwarebytes

JANUARY 31, 2024

Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators. Based on our own stats from tracked incidents, we have been seeing a rise in reported incidents since summer 2023.

Malware 98

Malware Hacking System Administration Ransomware 98

Security Affairs

MARCH 27, 2023

Introduction During March 2023, we obtained information and data regarding an ongoing malware operation hitting more than 8.000 targets within a few weeks, with a particular emphasis on North American, Italian, and French targets. After this, it downloads the payload and executes it through the “Process.Start”.NET

Malware 98

Malware Social Engineering Encryption Marketing 98

eSecurity Planet

JULY 15, 2024

The problem: CVE-2023-27532 (CVSS score: 7.5) The fix: Veeam addressed CVE-2023-27532 through their upgrades that prevent xp_cmdshell misuse and unauthorized account creation. System administrators should promptly update to the most recent version (4.98). For admins, upgrade immediately to avoid exploitation attempts.

Authentication 109

Authentication Backups Software Risk 109

Malwarebytes

APRIL 17, 2023

Namely, there are scripts using commands that an attacker could use to steal data from the company’s network , but which also resembled legitimate administrative tasks used by IT professionals for various system administration tasks. In February 2023 alone , the LockBit group identified 126 victims onto its leak page.

Ransomware 91

Ransomware Artificial Intelligence System Administration Firewall 91

Thales Cloud Protection & Licensing

DECEMBER 3, 2019

Trillion by 2023 , data security challenges are further poised to go up – unless organizations take a conscious decision to implement a cohesive data protection strategy at an organization level that shuns the traditional siloed approach towards data security. The second layer of the stack covers system-level protection controls.

Digital transformation 104

Digital transformation Encryption Data breaches Big data 104

eSecurity Planet

NOVEMBER 30, 2021

It integrates with Office 365, Google Workspace, Okta and more for both cloud-based and on-premises systems. Administrators can manage MFA rules, password rotations and password requirements, then automate their enforcement. Another 22% plan on adopting SAM practices by 2023 or 2025.

Software 137

Software Accountability Government Passwords 137

Security Affairs

MARCH 14, 2023

As anticipated, the version abused by Makop ransomware operators in recent 2023 intrusions is still version 1.4.1.932, released in January 2019. Advanced Port Scanner part of the Makop arsenal Again, another tool in the Makop arsenal still dates to 2019: the “Everything” tool. Everything is freeware software maintained by Voidtools.

Ransomware 98

Ransomware Software System Administration Encryption 98

SecureWorld News

DECEMBER 11, 2023

In July of 2023, the city of Hayward, California, declared a state of emergency after a cyberattack had degraded their emergency services dispatching capability. System administrators didn't bother locking down their systems, because the possibility of bad actors using them didn't really cross their minds.

Technology 109

Technology Artificial Intelligence Cybercrime Government 109

eSecurity Planet

MAY 27, 2024

This affected system administrators worldwide. The fix: Administrators should download and install the KB5039705 OOB update via Windows Update, WSUS, or the Microsoft Update Catalog. GitLab also patched six medium-severity vulnerabilities, including CSRF via Kubernetes Agent Server, ( CVE-2023-7045 ) and DoS ( CVE-2024-2874 ).

Backups 67

Backups Authentication DDOS Engineering 67

eSecurity Planet

APRIL 28, 2023

In this article, we will define automatic patch management, explain how it operates, go through its benefits and drawbacks, and list some of the best practices and top automated patch management tools of 2023. Software updates are critical for keeping a system’s integrity and security intact.

Software 98

Software Firmware Risk Antivirus 98

eSecurity Planet

SEPTEMBER 11, 2023

September 5, 2023 Atlas VPN Leaks Users’ IP Addresses Type of attack: Zero-Day Vulnerability, a new vulnerability that is often difficult to fix since no patch is available on the market yet. The problem: The vulnerabilities ( CVE-2023-39238 , CVE-2023-39239 and CVE-2023-39240 ), with a CVSS v3.1 score of 9.8

VPN 113

VPN Authentication Firmware Phishing 113

Kali Linux

MARCH 28, 2023

Being a system administrator, a patch could contain a security update to stop a vulnerability. You can read more about it in the release notes of Kali 2023.1 , Kali Purple’s documentation , as well as watch the following talk from Adversary Village at RSAC 2023.

InfoSec 52

InfoSec Penetration Testing Architecture Software 52

Thales Cloud Protection & Licensing

JULY 31, 2023

How to Meet Phishing-Resistant MFA madhav Tue, 08/01/2023 - 05:18 Incorporating multi-factor authentication (MFA) as a fundamental security measure for your organization is now considered standard practice. CISA strongly urges system administrators and other high-value targeted users (attorneys, HR Staff, Top Management.)

Phishing 118

Phishing Authentication Mobile Marketing 118

Security Affairs

JANUARY 10, 2025

The group exploited vulnerabilities in networking equipment, including CVE-2023-28461 (Array Networks), CVE-2023-27997 (Fortinet), and CVE-2023-3519 (Citrix). Campaign B (2023): Exploited software vulnerabilities in networking devices, focusing on semiconductor, manufacturing, and aerospace sectors.

Antivirus 75

Antivirus Malware System Administration Technology 75