Hacking, Internet and System Administration

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors. But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

DDOS

DDOS Internet Internet System Administration

SolarWinds Detected Six Months Earlier

Schneier on Security

MAY 3, 2023

The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Engineering Internet

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. Here’s what I took away from our discussion: Transient hacks. This quickly gets intricately technical.

Hacking

Hacking Energy and Utilities System Administration Accountability

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Krebs on Security

NOVEMBER 8, 2021

If it sounds unlikely that a normal Internet user could make millions of dollars unmasking the identities of REvil gang members, take heart and consider that the two men indicted as part this law enforcement action do not appear to have done much to separate their cybercriminal identities from their real-life selves. Among those was carder[.]su,

Ransomware

Ransomware Cybercrime System Administration Passwords

Yandex security team caught admin selling access to users’ inboxes

Security Affairs

FEBRUARY 12, 2021

Russian internet and search company Yandex discloses a data breach, a system administrator was selling access to thousands of user mailboxes. The employee was one of three system administrators with the necessary access rights to provide technical support for the service. SecurityAffairs – hacking, data breach).

System Administration

System Administration Data breaches Accountability Passwords

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.

Advertising

Advertising Cybercrime System Administration Hacking

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

The Last Watchdog

AUGUST 15, 2022

And if an enterprise is under an active ransomware attack, or a series of attacks, that’s a pretty good indication several other gangs of hacking specialists came through earlier and paved the way. So they used a hacking tool with a bit of living-off- the-land technique. Configure system administrative tools more wisely.

Ransomware

Ransomware System Administration Cyber Attacks Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. SocksEscort[.]com

Malware

Malware VPN Internet Internet

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

Krebs on Security

JUNE 9, 2020

City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin.

Ransomware

Ransomware System Administration Backups Technology

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Nitrogen shelling malware from hacked sites

Malwarebytes

JANUARY 31, 2024

The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are already hacked with malicious PHP shell scripts. Malicious ads The ads are displayed via Google searches for popular search terms related to programs used by IT and system administrators.

Malware

Malware Hacking System Administration Ransomware

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

Security Affairs

MARCH 1, 2019

“Mail server, domain administrator and system administrator accounts were all affected, giving cyberespions access to the past and current passwords of more than 2,000 ICAO system users. The hackers scan the Internet for vulnerable servers that could lead to compromising valuable targets. “In

Hacking

Hacking Advertising System Administration Media

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

For starters the ring is aimed at system administrators and senior executives, but could eventually go mainstream. based Black Girls Hack and London-based Security Blue Team. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Software

Software Technology Mobile Cybersecurity

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

Here are the key takeaways: Lower-tier hacks. No organization wants to find itself having to recover from a devastating ransomware hack – or dealing with an unauthorized intruder who has usurped control of its operational systems. But that only served as a dinner bell to criminal hacking rings.

Accountability

Accountability Passwords Hacking Cyber Risk

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“The command requires Windows system administrators,” Truniger’s ads explained. Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 “Experience in backup, increase privileges, mikicatz, network. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection. “Check whether your NAS is exposed to the Internet.” SecurityAffairs – hacking, QNAP NAS ). Pierluigi Paganini.

Ransomware

Ransomware Internet Internet Encryption

StealthWorker botnet targets Synology NAS devices to drop ransomware

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware

Ransomware System Administration Malware Authentication

Yomi Hunter Catches the CurveBall

Security Affairs

JANUARY 21, 2020

Many system administrators and companies were rushing to update internet exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue /WannaCry crisis in their mind. . SecurityAffairs – Curveball, hacking). The Malware Threat behind CurveBall.

Malware

Malware Advertising System Administration Risk

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Security Affairs

MARCH 11, 2020

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity. Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity.

System Administration

System Administration Advertising Internet Internet

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

No wonder Russia has been preparing to cut itself off from the global internet, hoping to move key government institutions to a sovereign Runet – a pan-Russian web limited to the Federation – to make them less prone to cyber attacks. Ideally, VNC should be used only with authenticated users, such as system administrators.

Authentication

Authentication Cyber Attacks System Administration Internet

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

The CISA agency provides recommendations for system administrators and owners to enhance the level of security of their organizations: Maintain up-to-date antivirus signatures and engines. Keep operating system patches up-to-date. Scan all software downloaded from the Internet prior to executing. Pierluigi Paganini.

Malware

Malware Government Passwords Advertising

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Security Affairs

MARCH 10, 2020

“They exhibit extensive knowledge of systems administration and common network security misconfigurations, perform thorough reconnaissance, and adapt to what they discover in a compromised network.” SecurityAffairs – hacking, Human-operated ransomare). ” reads the post published by Microsoft.

Ransomware

Ransomware Cybercrime Social Engineering Banking

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

MARCH 30, 2020

Related: Micro-segmentation taken to the personal device level The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups — is getting scaled up, as well. It gives system administrators a way to secure each microsegment, separately.

Firewall

Firewall Marketing Digital transformation Cloud Migration

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

OCTOBER 17, 2018

The exploitation of this vulnerability could cause major problems on the Internet. million servers running RPCBIND on the Internet. “We then decided to open a server with port 111 exposed on the Internet, with the same characteristics as those who were attacking us and we were monitoring that server for weeks.

DDOS

DDOS Internet Internet Advertising

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

Webmin is an open-source web-based interface for system administration for Linux and Unix. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 217,000 instances, most of them located in the United States, France and Germany. SecurityAffairs – Webmin, hacking). Pierluigi Paganini.

Passwords

Passwords System Administration Advertising DNS

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

The Center for Internet Security (CIS) has a reference that can help system administrators and security teams establish a benchmark to secure their Docker engine. Security Affairs – Docker APIs, hacking). Ensure that container images are authenticated, signed, and from a trusted registry (i.e., Pierluigi Paganini.

Engineering

Engineering Cryptocurrency Advertising System Administration

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Cashdollar explained that threat actors started scanning the Internet for Intel systems that would accept files over SSH port 22 to maximize their efforts. Summarizing, crooks extended the list of targets passing from Arm and MIPS-powered devices to Intel systems. . ” Cashdollar concludes.

IoT

IoT Cryptocurrency Malware Advertising

Thousands of RDM refrigeration systems exposed online are at risk

Security Affairs

FEBRUARY 10, 2019

“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” SecurityAffairs – refrigeration systems, hacking). The post Thousands of RDM refrigeration systems exposed online are at risk appeared first on Security Affairs.

Risk

Risk Passwords Advertising System Administration

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Security Affairs

APRIL 26, 2021

. “According to the affidavit, foreign law enforcement agents, working in coordination with the FBI, gained lawful access to Emotet servers located overseas and identified the Internet Protocol addresses of approximately 1.6 SecurityAffairs – hacking, Emotet). ” stated the DoJ. . Pierluigi Paganini.

Malware

Malware Banking System Administration Hacking

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

NOVEMBER 12, 2018

Ransomware, business email compromises and direct ACH system hacks continue to morph and intensify. Many companies are taking it a step further, selecting certain techies to also receive advanced training and pursue specialty CompTIA certifications in disciplines such as ethical hacking and penetration testing.

Penetration Testing

Penetration Testing System Administration Cybersecurity Ransomware

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [ D3-NI ]. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ]. SecurityAffairs – hacking, China-linked threat actors). Pierluigi Paganini.

Telecommunications

Telecommunications Authentication Passwords Accountability

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

Many used browsers that they were accustomed to, not browsers of choice, or default browsers set by organizations, such as the Internet Explorer. It could be compromised directly or by hacking the account of someone with access to the website management. The year 2016 saw banks in Russia hacked one after another.

Cybercrime

Cybercrime Banking Malware Ransomware

SolarWinds Detected Six Months Earlier

Security Boulevard

MAY 3, 2023

The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Internet Internet

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

NOVEMBER 28, 2018

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros. The Ann Arbor-based nonprofit began as a partnership among three state universities in 1966 and is one of the original building blocks of the Internet.

Cybersecurity

Cybersecurity System Administration Manufacturing Hacking

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

One of the most vulnerable areas that hackers use to infiltrate a company’s system is the network. The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems. Company systems require various software programs to function. Data Security.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

The Roboto botnet spreads by compromising systems by exploiting the Webmin RCE vulnerability tracked as CVE-2019-15107 to drop its downloader module on Linux servers running vulnerable installs. Webmin is an open-source web-based interface for system administration for Linux and Unix.

DDOS

DDOS Advertising System Administration DNS

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

Is hacking a crime? Bryan McAninch (Aph3x) talks about his organization, Hacking Is Not A Crime , and the ethical line it draws on various hacking activities. I used to hack the phone company quite a bit. I was like living in our systems for years and I want to get in some trouble for that.

Hacking

Hacking Technology InfoSec Media

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Kaseya’s flagship product is a remote monitoring and management (RMM) solution called the Virtual Systems Administrator (VSA) and is the product at the center of the current attack. When administrators noticed suspicious behavior on Friday, Kaseya shut down VSA. VSA server breached. Backup data regularly.

Ransomware

Ransomware Software B2B System Administration

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

The gang leverages exposed remote administration services and internet-facing vulnerabilities to gain and maintain access to victim networks. Makop gang did not conduct any significative retooling since 2020, which is a clear indicator of their effectiveness even after three years and hundreds of successful compromises.

Ransomware

Ransomware Software System Administration Encryption

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Looking back at past leaks of private companies providing such services, such as in the case of Hacking Team, we learned that many states all over the world were buying these capabilities, whether to complement their in-house technologies or as a stand-alone solution they couldn’t develop. Hack-and-leak is the new black (and bleak).

Firmware

Firmware Surveillance Mobile Telecommunications

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

The Security Ledger

MAY 16, 2024

For Hacking. Today, malicious actors from cybercriminal ransomware gangs to nation-state affiliated hacking groups are teeing up vulnerable operational technology (OT) environments.

CSO

CSO Risk Energy and Utilities Social Engineering

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

IT Security Guru

JANUARY 12, 2021

IoT (Internet of Things) Security. System Administrator (or, sysadmin). Hang out with the folk in the Reddit communities , ask them specific questions, and put on your ethical hacking skills to test—to check if you are really cut out for a long-term commitment in cybersecurity. Secure Software Development. Secure DevOps.

Cybersecurity

Cybersecurity Government IoT Penetration Testing

2021 Hispanic Heritage Month Pt. 1: A Celebration of Hispanic Heritage and Hope

McAfee

OCTOBER 4, 2021

I started to learn more about how the Internet worked and one thing led to the other. When I was introduced to Linux, I immediately fell in love with it, and this increased my curiosity.

InfoSec

InfoSec System Administration Cybersecurity Engineering

Check: that Republican audit of Maricopa

Security Boulevard

SEPTEMBER 24, 2021

One could argue more Windows logs need to be preserved, but that would simply mean archiving the from the C: drive onto the D: drive, not that you need to connect to the Internet to centrally log files. If CISA still has it in their recommendations for election systems, then CISA is wrong. Credential Management. It’s not true.

Software

Software Computers and Electronics Accountability Firewall

DDoS Mitigation Firm Founder Admits to DDoS

SolarWinds Detected Six Months Earlier

Trending Sources

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

REvil Ransom Arrest, $6M Seizure, and $10M Reward

Yandex security team caught admin selling access to users’ inboxes

Meet the Administrators of the RSOCKS Proxy Botnet

Black Hat insights: Getting bombarded by multiple ransomware attacks has become commonplace

Who and What is Behind the Malware Proxy Service SocksEscort?

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

USBAnywhere BMC flaws expose Supermicro servers to hack

Nitrogen shelling malware from hacked sites

Only now we known that International Civil Aviation Organization (ICAO) was hacked in 2016

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

A Closer Look at the Snatch Data Ransom Group

How to secure QNAP NAS devices? The vendor’s instructions

StealthWorker botnet targets Synology NAS devices to drop ransomware

Yomi Hunter Catches the CurveBall

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Hacker breaches key Russian ministry in blink of an eye

US govt agencies share details of the China-linked espionage malware Taidoor

Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Backdoored Webmin versions were available for download for over a year

Crooks continue to abuse exposed Docker APIs for Cryptojacking

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Thousands of RDM refrigeration systems exposed online are at risk

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

China-linked threat actors have breached telcos and network service providers

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SolarWinds Detected Six Months Earlier

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Roboto, a new P2P botnet targets Linux Webmin servers

The Hacker Mind Podcast: Ethical Hacking

Kaseya Breach Underscores Vulnerability of IT Management Tools

Dissecting the malicious arsenal of the Makop ransomware gang

Advanced threat predictions for 2023

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

Just What Does It Take to Develop a Career in the Cybersecurity Domain?

2021 Hispanic Heritage Month Pt. 1: A Celebration of Hispanic Heritage and Hope

Check: that Republican audit of Maricopa

Stay Connected