#ssh

By Deeba Ahmed Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers. This is a post from HackRead.com Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the ,identification of these attacks. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety

The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus

### Summary `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. ### Details This is related to the patched vulnerability https://github.com/advisories/GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. Since https://github.com/Byron/gitoxide/pull/1032, `gix-transport` checks the host and path portions of a URL for text that has a `-` in a position that will cause `ssh` to interpret part of all of the URL as an option argument. But it does not check the non-mandatory username portion of the URL. As in Git, when an address is a URL of the form `ssh://username@hostname/path`, or when it takes the special form `username@hostname:dirs/r...

This is a backdoored version of openssh-8.0p1 where the ssh client will log the ssh username and ssh password into /opt/.../log.txt.

The security community is still reflecting on the “What If” of the XZ backdoor.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Cross-site Scripting, Improper Privilege Management, Improper Check for Unusual or Exceptional Conditions, Truncation of Security-relevant Information, Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious administrator to store a JavaScript payload using the web interface, revoke active XML API keys from the firewall and disrupt XML API usage, or cause a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens R...

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server.

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

### Impact Note: "Pebble" here refers to [Canonical's service manager](https://github.com/canonical/pebble), not the [Let's Encrypt ACME test server](https://github.com/letsencrypt/pebble). The API behind `pebble pull`, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and the charm run as root, so they have full access. But if another restricted unix user gains local access to the container host, they could hit the Pebble `GET /v1/files?action=read` API and would be allowed to read any file in the workload container, for example an ssh key or database password or other sensitive information. If there are ssh keys they could then potentially ssh into the workload, or if something like a database password they could log into the database. Note that this requires local user access to the host machine. It seems unlikely that an attacker could gain this level of access in a Juju Ku...