October 22, 2024 at 06:18AM Cybersecurity researchers identified suspicious npm registry packages designed to steal Ethereum private keys and gain SSH access to victim machines. These packages impersonate legitimate libraries, requiring developers to use them to trigger malware. Previous similar attacks included a malicious package that exfiltrated keys to a server in China. ### Meeting … Read more
April 16, 2024 at 12:14PM Cisco warns about a global large-scale brute force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible … Read more
April 16, 2024 at 11:07AM The PuTTY version 0.68 through 0.80 contains a vulnerability (CVE-2024-31497) that could allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. It affects systems using ECDSA keys and could be exploited to gain unauthorized access to SSH servers or sign commits as … Read more
April 16, 2024 at 07:27AM PuTTY SSH and Telnet client versions 0.68 through 0.80 are vulnerable to a flaw allowing recovery of private keys. The issue, designated CVE-2024-31497, was discovered by Fabian Bäumer and Marcus Brinkmann. The concern affects PuTTY and several other related products, mitigated in recent versions. Users are advised to update and … Read more
January 10, 2024 at 11:39AM The new Mirai-based botnet NoaBot is used by threat actors for a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 … Read more
October 20, 2023 at 03:47PM Sandu Diaconu, a Moldovan national, has been extradited from the UK to the US to face trial for allegedly operating the illicit marketplace E-Root. The marketplace specialized in selling access to compromised servers and facilitated various illegal activities, including ransomware attacks and fraud. The investigation uncovered over 350,000 compromised credentials … Read more
October 12, 2023 at 09:57AM The ShellBot threat actors are using hexadecimal IP addresses to attack Linux SSH servers and deploy DDoS malware. The malware, also known as PerlBot, breaches servers with weak SSH credentials and then stages DDoS attacks and delivers cryptocurrency miners. The use of hexadecimal IP addresses is an attempt to avoid … Read more
October 11, 2023 at 06:42AM Siemens and Schneider Electric have released their Patch Tuesday advisories for October 2023, addressing over 40 vulnerabilities in their products. Siemens has published a dozen advisories, including vulnerabilities in the Ruggedcom APE1808 platform and Nozomi Networks’ Guardian product. Nozomi has already patched these vulnerabilities. Schneider Electric has released advisories for … Read more