Cybersecurity Weaknesses
New SSH-Snake Worm-Like Tool Threatens Network Security
Rohan Timalsina | | Cyber Threats, Cybersecurity, cybersecurity defense strategies, cybersecurity threats, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, open source, self-modifying worm, SSH malware, ssh private keys, SSH security, SSH-Snake, SSH-Snake malware, SSH-Snake worm, Sysdig Threat Research Team
The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised ...
VMWare Urges Users to Uninstall EAP Immediately
Rohan Timalsina | | CVE-2024-22245, CVE-2024-22250, Cybersecurity, cybersecurity defense strategies, cybersecurity threats, Cybersecurity Weaknesses, Enhanced Authentication Plugin, enterprise security, Linux & Open Source News, security, security vulnerabilites, Virtualization, VMware
VMware has issued a no-patch advisory urging users to take swift action by removing the deprecated Enhanced Authentication Plug-in (EAP). EAP was deprecated nearly three years ago, in March 2021, with the ...
Ivanti Pulse Secure Found Using End of Life CentOS 6 OS
Rohan Timalsina | | CentOS 6, CentOS 6 ELS, CentOS 6 End of Life, Cyber Threats, Cybersecurity Weaknesses, Eclypsium, EMBA analysis, enterprise security, Extended Lifecycle Support, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti Pulse Secure, Ivanti security, Ivanti Vulnerabilities, Linux & Open Source News, Linux kernel, Pulse Secure VPN, security vulnerabilites
Ivanti Pulse Secure VPN appliances have recently been a target of several sophisticated attacks, highlighting the ongoing challenges in safeguarding critical IT infrastructure like network devices. UNC5221, a nation-state group, exploited these ...
Unraveling the Threat of New Docker Malware Campaign
Rohan Timalsina | | 9Hits Viewer, Crypto Heists, Crypto miners, Crypto Mining Malware, Cyber Threats, Cybersecurity Weaknesses, Docker Hosts, Docker Hub, Docker Malware, Docker Malware Campaign, Docker Malware Threat, Linux & Open Source News, XMRig miner
In recent times, Docker services have become a focal point for malicious actors seeking innovative ways to monetize their exploits. A recent discovery by cloud security firm Cado unveils a new Docker ...
3 Malicious PyPI Packages Hide CoinMiner on Linux Devices
Rohan Timalsina | | coinminer, Crypto, Crypto miners, Cyber Threats, Cybersecurity, Cybersecurity Weaknesses, Developer Security, Linux & Open Source News, linux systems, open source, PyPI, PyPI malicious packages, Python developers, Python Malware
In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass ...
Google Cloud Patched Privilege Escalation Vulnerability
Rohan Timalsina | | Cyber Threats, Cybersecurity Weaknesses, enterprise security, google cloud, Google Cloud Security, Google Cloud vulnerability, Kubernetes Security, Linux & Open Source News, Privilege Escalation, security patches
Recently, Google Cloud addressed a medium-severity security vulnerability that could potentially be exploited by attackers with access to a Kubernetes cluster. This flaw, discovered and reported by Palo Alto Networks Unit 42, ...
Attackers Targeting Poorly Managed Linux SSH Servers
Rohan Timalsina | | Crypto miners, Cyber Threats, Cybersecurity, cybersecurity defense strategies, Cybersecurity Weaknesses, DDoS attacks, DDoS botnet, dictionary attacks, enterprise security, Linux & Open Source News, Linux SSH Servers, Malware, shellbot, SSH malware, SSH security
In recent times, Linux SSH servers have become a prime target for attackers aiming to compromise security and exploit vulnerabilities for malicious activities. This article delves into the growing concern surrounding poorly ...
Understanding the Terrapin Attack: A New Threat to OpenSSH
Rohan Timalsina | | Cyber Threats, Cybersecurity, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, openssh, OpenSSH security, security vulnerabilites, SSH channel, Terrapin attack
Researchers at Ruhr University Bochum have discovered a new threat to OpenSSH security known as the Terrapin attack. This sophisticated attack manipulates sequence numbers during the handshake process, compromising the integrity of ...
Insights from CISA HPH Sector Risk and Vulnerability Assessment
Rohan Timalsina | | cisa, CISA Advisories, CISA Advisory, CISA Threat Update, Cyber Attack Risk Assessment, Cyber Threats, Cybersecurity, cybersecurity defense strategies, Cybersecurity Weaknesses, healthcare, healthcare cybersecurity, healthcare organizations, Linux & Open Source News, Public Sector, vulnerability assessment
In an ever-evolving digital landscape, the healthcare and public health (HPH) sector faces increasing cybersecurity challenges. The United States Cybersecurity and Infrastructure Security Agency (CISA) recently conducted a Risk and Vulnerability Assessment ...
Above 30% Apps at Risk with Vulnerable Log4j Versions
Rohan Timalsina | | Apache Log4j library, CVE-2021-44228, Cyber Threats, Cybersecurity, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, Log4j, Log4J apps, Log4j Vulnerabilities, Log4Shell Vulnerability, security vulnerabilites
An alarming 38% of applications that use the Apache Log4j library use the versions susceptible to security vulnerabilities. One of them is a critical vulnerability, Log4Shell (CVE-2021-44228), for which patches have been ...