#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Secure Shell | Breaking Cybersecurity News | The Hacker News

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
Apr 12, 2024 Supply Chain Attack / Threat Intelligence
"Test files" associated with the  XZ Utils backdoor  have made their way to a Rust crate known as  liblzma-sys , new  findings  from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the  XZ Utils  data compression software. The impacted version in question is 0.3.2. "The current distribution (v0.3.2) on Crates.io contains the test files for XZ that contain the backdoor," Phylum  noted  in a GitHub issue raised on April 9, 2024. "The test files themselves are not included in either the .tar.gz nor the .zip tags  here on GitHub  and are only present in liblzma-sys_0.3.2.crate that is installed from Crates.io." Following responsible disclosure, the files in question ("tests/files/bad-3-corrupt_lzma2.xz" and "tests/files/good-large_compressed.lzma") have since been removed from liblzma-sys version

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
Apr 02, 2024 Firmware Security / Vulnerability
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as  CVE-2024-3094  (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund alerted to the  presence  of a  backdoor  in the data compression utility that gives remote attackers a way to sidestep secure shell authentication and gain complete access to an affected system. "I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise," Freund said in a post shared on Mastodon. "Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc." "Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea
Feb 08, 2024 Cyber Espionage / Malware
The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called  Troll Stealer . The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W  said  in a new technical report. Troll Stealer's links to Kimsuky stem from its similarities to known malware families, such as AppleSeed and AlphaSeed malware that have been attributed to the group. Kimsuky, also tracked under the names APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (previously Thallium), Nickel Kimball, and Velvet Chollima, is well known for its propensity to steal sensitive, confidential information in offensive cyber operations. In late November 2023, the threat actors were  sanctioned  by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) for gathering intelligence to further North

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

cyber security
websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks
May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
Jan 01, 2024 Encryption / Network Security
Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell ( SSH ) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called  Terrapin  ( CVE-2023-48795 , CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix truncation attack." "By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it," researchers Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk  said . SSH is a  method  for securely sending commands to a computer over an unsecured network. It relies on cryptography to authenticate and encrypt connections between devices. This is accomplished by means of a handshake in which a client and server agree up

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks
Nov 14, 2022
A newly discovered evasive malware leverages the Secure Shell ( SSH ) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed  KmsdBot  by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms. "The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar  said . "The malware does not stay persistent on the infected system as a way of evading detection." The malware gets its name from an executable named "kmsd.exe" that's downloaded from a remote server following a successful compromise. It's also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86_64. KmsdBot comes with capabilities to perform scanning operatio

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Libssh Releases Update to Patch 9 New Security Vulnerabilities
Mar 19, 2019
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library. According to an  advisory published Monday, all the below listed vulnerabilities that were patched with the release of libssh2 version 1.8.1 lead to memory corruption issues which could result in arbitrary code execution on a client system in certain circumstances. Here's the list of security vulnerabilities patched in Libssh: 1. CVE-2019-3855: Possible integer overflow in transport read that could lead to an out-of-bounds write. A malicious server, or a remote attacker who compromises an SSH server, could send a specially crafted packet which could result in executing malicious

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

LibSSH Flaw Allows Hackers to Take Over Servers Without Password
Oct 17, 2018
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933 , is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving thousands of enterprise servers open to hackers for the last four years. But before you get frightened, you should know that neither the widely used OpenSSH nor Github's implementation of libssh was affected by the vulnerability. The vulnerability resides due to a coding error in Libssh and is "ridiculously simple" to exploit. According to a security advisory published Tuesday, all an attacker needs to do is sending an "SSH2_MSG_USERAUTH_SUCCESS" message to a server with an SSH connection enabled when it expects an &
Expert Insights
Cybersecurity Resources