"PuTTY SSH Client Flaw Allows Recovery of Cryptographic Private Keys"

Fabian Baumer and Marcus Brinkmann from Ruhr University Bochum discovered a vulnerability in PuTTY 0.68 through 0.80 that enables attackers with access to 60 cryptographic signatures to recover the private key used to generate them. PuTTY is a popular open source terminal emulator, serial console, and network file transfer tool that supports SSH, Telnet, SCP, and SFTP. According to the researchers, the vulnerability stems from how PuTTY generates ECDSA nonces, which are temporary unique cryptographic numbers, for the NIST P-521 curve used for SSH authentication.

Submitted by Gregory Rigby on

"Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare"

The "RansomHub" ransomware group is now publishing data allegedly stolen from the healthcare transaction processor Change Healthcare in February. The incident disrupted Change Healthcare's operations and caused healthcare system outages. It was launched by an affiliate of the Alphv/BlackCat Ransomware-as-a-Service (RaaS), known as "Notchy." In early March, BlackCat pulled an exit scam, and Notchy claimed they had not received their share of the $22 million ransom paid by Change Healthcare and were still in possession of 4TB of stolen company data.

Submitted by Gregory Rigby on

"Report Suggests 93% of Breaches Lead to Downtime and Data Loss"

According to security researchers at Pentera, a substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss. During the research, the researchers found that enterprises are allocating an average of $164,400, nearly 13% of their total IT security budgets, to pentesting programs. These initiatives serve multiple purposes, including validating the efficacy of security controls, gauging potential attack impact, and prioritizing security investments.

Submitted by Adam Ekwall on

"LeakyCLI Flaw Exposes AWS and Google Cloud Credentials"

A new security flaw, dubbed "LeakyCLI" by the Orca Security team, impacts command-line tools used in cloud environments. The vulnerability exposes sensitive credentials in logs, posing a risk to organizations that use Amazon Web Services (AWS) and Google Cloud. The problem reflects a previously identified vulnerability in Azure Command-Line Interface (CLI), which Microsoft addressed in November 2023. Although Microsoft fixed it, AWS and Google Cloud CLIs are still vulnerable to the same flaw.

Submitted by Gregory Rigby on

"Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges"

Recently, Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges. Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred. He pleaded guilty in December. According to the Department of Justice (DoJ), in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million.

Submitted by Adam Ekwall on

"Security Vulnerability in Browser Interface Allows Computer Access via Graphics Card"

Researchers from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) successfully demonstrated three side-channel attacks on graphics cards via the WebGPU browser interface. According to the researchers, the attacks were fast enough to succeed during normal Internet surfing. Modern websites place ever-increasing demands on computing power, so web browsers have been given access to the computing capacity of the Graphics Processing Unit (GPU) in addition to the Central Processing Unit (CPU).

Submitted by Gregory Rigby on

"Web3 Game Developers Targeted in Crypto Theft Scheme"

A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects that install multiple variants of infostealers on macOS and Windows devices. According to Recorded Future's Insikt Group, the campaign's ultimate goal appears to be to defraud victims and steal their cryptocurrency wallets. The campaign mimics legitimate projects by making small changes to project names and branding. Multiple fake social media accounts were even created to impersonate the projects.

Submitted by Gregory Rigby on

"Two People Arrested in Australia and US for Development and Sale of Hive RAT"

Authorities in Australia and the US recently announced the arrest and indictment of two individuals for their roles in developing and selling the Hive remote access trojan (RAT). Initially developed and distributed under the name of Firebird, the malware was marketed as a remote access tool that could stay hidden and steal sensitive information from the targeted systems. The Australian man was charged with twelve counts of computer offenses and is scheduled to appear in court on May 7.

Submitted by Adam Ekwall on

"NSA Publishes Guidance for Strengthening AI System Security"

The National Security Agency (NSA) has published a Cybersecurity Information Sheet (CSI) titled "Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems." The CSI aims to help National Security System (NSS) owners and Defense Industrial Base (DIB) companies that will deploy and operate AI systems designed and developed by an external entity. The guidance is also applicable to anyone else bringing AI capabilities into a managed environment, particularly those in high-threat, high-value environments.

Submitted by Gregory Rigby on

"Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw"

According to Binarly, there is an unpatched security flaw impacting the Lighttpd web server in Intel and Lenovo Baseboard Management Controllers (BMCs). Although the original flaw was discovered and patched by Lighttpd maintainers in August 2018 with version 1.4.51, the lack of a CVE identifier or advisory has caused it to be overlooked by AMI MegaRAC BMC developers. The flaw has made its way into products made by Intel and Lenovo.

Submitted by Gregory Rigby on