Ransomware, System Administration and VPN

Black Kingdom ransomware

SecureList

JUNE 17, 2021

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The ransomware family was DearCry. Ransomware is written in Python. Background. Technical analysis.

Ransomware

Ransomware Encryption VPN System Administration

Lessons from a real-life ransomware attack

Malwarebytes

NOVEMBER 1, 2021

Ransomware attacks, despite dramatically increasing in frequency this summer , remain opaque for many potential victims. It isn’t anyone’s fault, necessarily, since news articles about ransomware attacks often focus on the attack, the suspected threat actors, the ransomware type, and, well, not much else.

Ransomware

Ransomware Backups System Administration Cyber Insurance

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Malwarebytes

JULY 23, 2021

Two months after fully restoring its systems, CNA Financial, the leading US insurance company that was attacked by a group using Phoenix CryptoLocker ransomware, issued a legal notice of an information security incident to the Consumer Protection Bureau in New Hampshire. Recovering from ransomware. Data stolen but untouched.

Ransomware

Ransomware Unstructured Data Accountability Consumer Protection

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Webroot

APRIL 2, 2024

While RDP is a powerful tool for remote administration and support, it has also become a favored vector for brute force attacks for several reasons: Widespread use: RDP is commonly used in businesses to enable remote work and system administration.

Cybersecurity

Cybersecurity Passwords VPN Authentication

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

With lateral movement across a victim’s IT infrastructure, threat actors can escalate privileges, spread malware , extract data , and disrupt IT services as with ransomware attacks. SamSam Ransomware: Malware Specializing in RDP. A few days later, IT systems started malfunctioning with ransom messages following.

VPN

VPN Software Authentication Encryption

Kaseya Breach Underscores Vulnerability of IT Management Tools

eSecurity Planet

JULY 6, 2021

Managed service providers (MSPs) have long relied on third-party software to manage clients’ IT infrastructure, but a massive ransomware attack launched over the weekend at customers of Kaseya will likely cause MSPs to take a harder look at the security of their IT suppliers. VSA server breached. Preparing for Criminal Enterprise.

Ransomware

Ransomware Software B2B System Administration

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

Some of these attacks are challenging to detect because they look like they could be the behavior of legitimate system administrators. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN

VPN Authentication Mobile Firewall

RDP abused for DDoS attacks

Malwarebytes

JANUARY 29, 2021

And we provided some security measures in our post How to protect your RDP access from ransomware attacks. The RDP service can be configured by Windows systems administrators to run on TCP (usually port 3389) and/or on the UDP port (3389). Put RDP access behind a VPN so it’s not directly accessible.

DDOS

DDOS VPN System Administration Engineering

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

From phishing attacks to ransomware attacks, business owners need to be adequately prepared to prevent further damage. . If you have to work remotely, avoid using public Wi-Fi and activate a VPN (Virtual Private Network). Human errors often lead to data breaches, malware, and virus attacks that might compromise the company’s systems.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

eSecurity Planet

JULY 15, 2024

GitLab disclosed a pipeline flaw and Veeam addressed flaws exploited in active ransomware attacks. Administrators should upgrade promptly to mitigate these hazards. July 11, 2024 Ransomware Group Exploits Veeam Backup & Replication Vulnerability Type of vulnerability: Remote code execution.

Authentication

Authentication Backups Software Risk

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Such discoveries usually lead to massive and indiscriminate exploitation, and compromised machines are sold on dark markets to secondary buyers for the purposes of ransomware deployment. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company.

Firmware

Firmware Surveillance Mobile Telecommunications

How to Improve SD-WAN Security

eSecurity Planet

MAY 19, 2022

This cloud-centric model offers administrators granular network management opportunities while leveraging the bandwidth and reducing the cost of service delivery. Many software-defined networking solutions (SDN) have built-in 128- and 256-bit AES encryption and IPsec-based VPN capabilities. Encrypting Data in Transit.

Firewall

Firewall Architecture Software Backups

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines. The module also exfiltrates 2FA secrets from Twilio’s Authy local storage.

Malware

Malware Social Engineering Encryption Marketing

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. version of Superset.

VPN

VPN Authentication Firmware Phishing

Cyber Security Informer

Black Kingdom ransomware

Lessons from a real-life ransomware attack

Trending Sources

CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack

Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

Addressing Remote Desktop Attacks and Security

Kaseya Breach Underscores Vulnerability of IT Management Tools

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

RDP abused for DDoS attacks

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Vulnerability Recap 7/15/24 – Industry Patches vs Flaw Exploits

Advanced threat predictions for 2023

How to Improve SD-WAN Security

Updates from the MaaS: new threats delivered through NullMixer

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Stay Connected