Accountability, System Administration and VPN

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes

APRIL 21, 2021

PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services. There is no patch for it yet (it is expected to be patched in early May), so system administrators will need to mitigate for the problem for now, rather than simply fixing it.

VPN

VPN Authentication Malware System Administration

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN

VPN Accountability Authentication Passwords

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Duo's Security Blog

JUNE 8, 2023

During the workday, on the other hand, I spend a lot of time talking to systems administrators, security operations analysts, and IT professionals who do love MFA. Compare this to climbing the hill of Windows Logon, VPN logon, and web application logon - all with username, password, and Duo prompt - just to get to work in the morning.

Authentication

Authentication VPN System Administration Engineering

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. version of Superset.

VPN

VPN Authentication Firmware Phishing

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

A few days later, IT systems started malfunctioning with ransom messages following. The system administrator did not configure standard security controls when installing the server in question. Meanwhile, the suspect server was connected to the CDOT domain with an administrator account and the internet.

VPN

VPN Software Authentication Encryption

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

While RDP is a powerful tool for remote administration and support, it has also become a favored vector for brute force attacks for several reasons: Widespread use: RDP is commonly used in businesses to enable remote work and system administration.

Cybersecurity

Cybersecurity Passwords VPN Authentication

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

At least 15,000 systems, including devices connected to CNA’s network via VPN, were instantly affected after the threat actors detonated the ransomware. Data stolen but untouched. CNA Prior to executing Phoenix, the threat actors were able to steal important and sensitive information affecting 75,349 individuals.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. An attacker creates a new admin user and logs into an OpenFire account. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.”

VPN

VPN Authentication Mobile Firewall

Beautiful Basics: Lesson 3

Security Boulevard

MAY 28, 2022

If you don’t have fake accounts, computers, and configurations that look vulnerable mixed in with your population of systems you are missing out. System administrators usually know their systems very well. No one should EVER use this account. Finally lets get to the meat of this lesson.

System Administration

System Administration Accountability Passwords VPN

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. An attacker creates a new admin user and logs into an OpenFire account. This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations.”

VPN

VPN Authentication Mobile Firewall

Lessons from a real-life ransomware attack

Malwarebytes

NOVEMBER 1, 2021

To better understand the nuts and bolts of a ransomware attack, we spoke to Ski Kacaroski, a systems administrator who, in 2019, helped pulled his school district out of a ransomware nightmare that encrypted crucial data, locked up vital systems, and even threatened employee pay. That part really, really hurt us.”.

Ransomware

Ransomware Backups System Administration Cyber Insurance

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. VSA server breached. Managing supply chain risk.

Ransomware

Ransomware Software B2B System Administration

Black Kingdom ransomware

SecureList

JUNE 17, 2021

Transactions made to a Bitcoin account. com/vpn-service/$(f1)/crunchyroll-vpn. Notify your supervisors as soon as possible. By hiding the truth and not communicating with us, what happened will be published on social media and yet in news websites. Your ID ==> FDHJ91CUSzXTquLpqAnP. Code analysis. File Hashes.

Ransomware

Ransomware Encryption VPN System Administration

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

JULY 15, 2024

Threat actors exploited a weakness in Veeam’s software to create unauthorized accounts such as “VeeamBkp,” allowing for network reconnaissance and data exfiltration. The fix: Veeam addressed CVE-2023-27532 through their upgrades that prevent xp_cmdshell misuse and unauthorized account creation.

Authentication

Authentication Backups Software Risk

Vulnerability Management and the Road Less Traveled

NopSec

OCTOBER 19, 2015

Citrix remote desktop, remote desktops still open through the firewall, and the omnipresent VPN or SSL VPN connections) that an attacker can exploit through the firewall. A NULL session attack is something that system administrators often neglect to consider when hardening networks. How times have changed.

Firewall

Firewall VPN Passwords System Administration

Vulnerability Management in the time of a Pandemic

NopSec

MARCH 16, 2020

For organizations of various sizes that means being able to quickly set up remote working systems to enable employees to work from their homes so that they can protect themselves from being infected. That in turn means answering the following questions: How many VPN terminations do I have and which routable IP addresses they are mapped to?

VPN

VPN Accountability Risk System Administration

DiceyF deploys GamePlayerFramework in online casino development studio

SecureList

OCTOBER 17, 2022

Retrieves various system information, namely: Local network IP addresses. Available privileges (SYSTEM, administrator or normal user). VPN spoofing DLL. PluginDestory [sic]. Shuts down the framework. GetSystemInfo. Network protocol used for C2 communication (hardcoded to Tcpv4 in all discovered samples). rascustoms.dll.

Malware

Malware Encryption Social Engineering System Administration

How to Improve SD-WAN Security

eSecurity Planet

MAY 19, 2022

This cloud-centric model offers administrators granular network management opportunities while leveraging the bandwidth and reducing the cost of service delivery. Many software-defined networking solutions (SDN) have built-in 128- and 256-bit AES encryption and IPsec-based VPN capabilities. Encrypting Data in Transit.

Firewall

Firewall Architecture Software Backups

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines. The module also exfiltrates 2FA secrets from Twilio’s Authy local storage.

Malware

Malware Social Engineering Encryption Marketing

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. The teens also took over Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services (NYDFS). How did the Twitter account takeover attack work?

Social Engineering

Social Engineering Media Scams Financial Services

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

JUNE 22, 2020

To Zoom’s credit, password protection and a “waiting room” feature, which allows the host to control when a participant joins the meeting, are the default settings for its free and single license paid accounts.

Mobile

Mobile Passwords Technology VPN

China-linked APT group MirrorFace targets Japan

Security Affairs

JANUARY 10, 2025

The alert issued by Japan NPA recommends System Administrators to: Implement centralized log management to track breaches, as logs are critical for identifying causes and scope. Regularly monitor network device logs for abnormal activities, like unauthorized logins or unusual VPN behavior.

Antivirus

Antivirus Malware System Administration Technology

Cyber Security Informer

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Trending Sources

Announcing Duo’s Vision to Streamline Authentication & Enhance User Experience

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Addressing Remote Desktop Attacks and Security

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

China-linked threat actors have breached telcos and network service providers

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Beautiful Basics: Lesson 3

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Lessons from a real-life ransomware attack

Kaseya Breach Underscores Vulnerability of IT Management Tools

Black Kingdom ransomware

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

Vulnerability Management and the Road Less Traveled

Vulnerability Management in the time of a Pandemic

DiceyF deploys GamePlayerFramework in online casino development studio

How to Improve SD-WAN Security

Updates from the MaaS: new threats delivered through NullMixer

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

China-linked APT group MirrorFace targets Japan

Stay Connected