
SSH Keys | Breaking Cybersecurity News | The Hacker News

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Nov 05, 2021
Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite. "An attacker could exploit this vulnerability by connecting to an affected device through SSH," the networking major explained in an advisory, adding, "A successful exploit could allow the attacker to log in to an affected system as the root user." Cisco said the bug was discovered during internal security testing. Cisco Policy Suite Releases 21.2.0 and later will also automatically create new SSH keys during installation, while requiring a manual process to change the default SSH keys for devices being upgraded from 21.1.0. Also addressed by Cisco a

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

Oct 12, 2021
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said it's building safeguards to prevent vulnerable versions of GitKraken from adding newly generated weak keys. The problematic dependency, called "keypair," is an open-source SSH key generation library that allows users to create RSA keys for authentication-related purposes. It has been found to impact GitKraken versions 7.6.x, 7.7.x, and 8.0.0, released between May 12, 2021, and September 27, 2021. The flaw — tracked as CVE-2021-41117 (CVSS score: 8.7) — concerns a bug in the pseudo-random number generator used by the library, resulting in the creation of a weaker form of public SSH keys, which, owing to their low entropy — i.e., the measure of randomness — could boost

GenAI: A New Headache for SaaS Security Teams

Apr 17, 2024 | SaaS Security / AI Governance
The introduction of OpenAI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas. Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites. At this pace, it's just a matter of a short time befo