New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

October 8, 2024 at 05:54PM A new scanner, created by Marcus Hitchins, is designed to identify devices vulnerable to the CUPS RCE flaw (CVE-2024-47176). By setting up an HTTP server on the scanning machine, the Python script sends custom UDP packets to the network, eliciting responses from vulnerable devices. The generated results aid system administrators … Read more

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

January 3, 2024 at 10:10AM Nearly 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack, which manipulates sequence numbers during the handshake process to compromise the integrity of SSH channels. This attack affects both clients and servers and was developed by academic researchers from Ruhr University Bochum in Germany. The significance of this … Read more

Terrapin attacks can downgrade security of OpenSSH connections

December 19, 2023 at 12:04PM The Terrapin attack manipulates SSH handshake sequence numbers to sabotage channel integrity, downgrading encryption and allowing message modification in OpenSSH 9.5. It exploits transport layer protocol weaknesses and newer cryptographic algorithms, impacting a majority of SSH implementations. The MiTM requirement makes its threat less severe, with mitigation efforts underway. The … Read more

Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities

November 7, 2023 at 10:03AM OpalOPC is a free tool developed by Molemmat Oy to help industrial organizations identify misconfigurations and vulnerabilities in their OPC UA applications. The tool is recommended for developers, auditors, security testers, and engineers, and offers a graphical user interface and a command-line interface. It is available for both Windows and … Read more