Collaborate Disseminate
We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts. Continue reading ToddyCat is making holes in your infrastructure
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To b… Continue reading PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
I’m a one man shop. All I care about is having my workstations and server stolen. I plan on running a couple dozen VMs on my server, mostly Linux.
Question is, obviously having unique passwords for each SSH key for each VM is most secure, … Continue reading Unique SSH Keys With Identical Password?
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. Continue reading XZ backdoor story – Initial analysis
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global Internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers. It’s an untenable situation, and one that is being exploited by malicious actors. Yet precious little is being done to remedy it…
hmac-sha256, hmac-sha256@ssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, hmac-sha512, hmac-sha512@ssh.com, hmac-sha2-512, hmac-sha2-512-etm@openssh.com
Can someone help in ordering the above ciphers by security level?
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone …read more Continue reading This Week in Security: XZ, ATT, and Letters of Marque
For my own (public) servers, is it considered a good idea to only allow ssh connections from VPN connections (OpenVPN, Wireguard or otherwise), to mitigate any possible attacks in the future on ssh?
It seems that ssh is constantly under at… Continue reading Does using a VPN to allow ssh connections provide better security, especially after seeing how CVE-2024-3094 (XZ backdoor) is done?
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica:
Malicious code added to XZ Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. No one has actually seen code uploaded, so it’s not known what code the attacker planned to run. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware…
Many threads like this one on reddit are springing up, which is great for spreading awareness of a major CVE. But questionable advice like this occasionally worms its way in:
Check your version with xz -V in the terminal
Now, this obviou… Continue reading Will using the xz binary trigger any call-home mechanism? [closed]