#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

PuTTY | Breaking Cybersecurity News | The Hacker News

Category — PuTTY
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group

Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group

May 29, 2024 Cyber Espionage / Malware
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware," the Microsoft Threat Intelligence team said in a new analysis. It also characterized the threat actor as using a combination of tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to meet its strategic objectives. The adversary, hitherto tracked by Redmond under the emerging cluster moniker Storm-1789, is assessed to be a state-aligned group that originally exhibited strong t...
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

Apr 24, 2024 Cryptocurrency / Threat Intelligence
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed  Kimsuky , which is also known as Black Banshee, Emerald Sleet, and TA427. "GuptiMiner is a highly sophisticated threat that uses an interesting infection chain along with a couple of techniques that include performing DNS requests to the attacker's DNS servers, performing sideloading, extracting payloads from innocent-looking images, signing its payloads with a custom trusted root anchor certification authority, among others," Avast  said . The intricate and elaborate infection chain, at its core, leverages a security shortcoming in the update mechanism of Indian antivi...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Nov 22, 2024Google Workspace / SaaS Backup
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamless digital transformation that's both scalable and adaptable. As companies shift from traditional, on-premises setups focused on device security, to more user-centered, hybrid models, Google Workspace is perfectly positioned to support this evolution. Now, the user account itself is the central hub, allowing access from any device or location — a game changer in today's remote and distributed work environments. However, with all this connectivity and flexibility comes a challenge. Google Workspace connects to countless apps and touches every user in the organization, making it an appealing target for cybercriminals. The platform's internet accessibility opens up additional entry points, raisi...
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Apr 16, 2024 Encryption / Network Security
The maintainers of the  PuTTY Secure Shell (SSH) and Telnet client  are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier  CVE-2024-31497 , with the discovery credited to researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum. "The effect of the vulnerability is to compromise the private key," the PuTTY project  said  in an advisory. "An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, and then forge signatures as if they were from you, allowing them to (for instance) log in to any servers you use that key for." However, in order to obtain the signatures, an attacker will have to compromise the server for which the key is used to authenticate to. In a message posted on the Open Sou...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

Jan 06, 2024 Malware / Cyber Attack
The  recent wave of cyber attacks  targeting Albanian organizations involved the use of a wiper called  No-Justice . The  findings  come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted." The intrusions have been attributed to an Iranian "psychological operation group" known as Homeland Justice, which has been active since July 2022, specifically orchestrating destructive attacks against Albania. On December 24, 2023, the adversary resurfaced after a hiatus, stating it's "back to destroy supporters of terrorists," describing its latest campaign as #DestroyDurresMilitaryCamp. The Albanian city of Durrës  currently hosts  the dissident group People's Mojahedin Organization of Iran (MEK). Targets of the attack included ONE Albania, Eagle Mobile Albania, Air Albania, and the Albanian parliament. Two of the primary tools deployed during the campaign include an e...
North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

Sep 16, 2022
A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name  UNC4034 . "UNC4034 established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility," Mandiant researchers  said . The utilization of fabricated job lures as a pathway for malware distribution is an oft-used tactic by North Korean state-sponsored actors, including the Lazarus Group, as part of an enduring campaign called  Operation Dream Job . The entry point of the attack is an ISO file that masquerades as an Amazon Assessment as part of a potential job opportunity at the tech giant....
PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

Mar 20, 2019
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of its software, the developers of PuTTY earlier this week released the latest version 0.71 for Windows and Unix operating systems. According to an advisory available on its website, all previous versions of the PuTTY software have been found vulnerable to multiple security vulnerabilities that could allow a malicious server or a compromised server to hijack client's system in different ways. Here below I have listed all 8 vulnerabilities with brief information that PuTTY 0.71 has patched: 1) Authentication Prompt Spoofing — Since PuTTY doesn't have a way to indicate whether a piec...
Expert Insights / Articles Videos
Cybersecurity Resources