14 million Linux systems threatened by ‘RegreSSHion’ vulnerability
Researchers at Qualys have uncovered a critical vulnerability, “regreSSHion” (CVE-2024-6387), which some experts are comparing to the notorious Log4Shell in terms of potential severity. This flaw, with a CVSS score of 8.1, affects glibc-based Linux systems running sshd in its default configuration. Exploiting this vulnerability could allow attackers to completely take over systems, install malware, manipulate data, and create backdoors for persistent access. The vulnerability poses a severe threat, enabling unauthorized remote code execution with root privileges, leaving over 14 million servers potentially vulnerable.
(Bleeping Computer), (Security Week), (Dark Reading)
Critical patch issued for Juniper routers
A critical vulnerability (CVE-2024-2973) impacting Juniper Networks routers scores a perfect 10 on the CVSS scale. The company released patches outside of its usual schedule, indicating the severity of the flaw. According to Juniper, the issue affects all Session Smart routers and conductors running in high-availability redundant configurations. The vulnerability allows a network-based attacker to bypass authentication and take over the device.
(Juniper), (Dark Reading), (The Register)
Millions not thousands impacted by Prudential breach
A slight adjustment from insurance giant Prudential reveals their initial estimate that around 40,000 people were impacted by a data breach in February was off by 2.5 million. According to a report from the company in March, Prudential initially stated that personal information, including names, addresses, and driver’s license numbers of a little over 36,000 people, was exposed in the breach. In a revised filing, the company now says the information of close to 2.6 million individuals was actually exposed. Prudential says notifications to those impacted by the breach have been “substantially completed at this time.”
Who’s to blame for Indonesia’s ransomware attack?
Indonesia’s communications and information technology minister, Budi Arie Setiadi, is under pressure to resign after a LockBit 3.0 ransomware attack disrupted over 200 institutions at the end of June, leaving many services around the country still unavailable. A petition has garnered over 18,500 signatures from those demanding Setiadi be held accountable for the attack. Indonesia’s President has ordered an audit of government data centers after it was revealed that data had not been backed up. Setiadi says this was due to budget constraints and that backing up data will soon become mandatory.
Chinese hackers exploit zero-day in Cisco devices
State-backed Chinese hackers, known as Velvet Ant, exploited a newly identified zero-day vulnerability (CVE-2024-20399) in Cisco NX-OS software used in Nexus-series switches. Sygnia made the discovery during a forensic investigation of an intrusion in which the hackers gained administrator-level access to deploy custom malware for remote control of compromised devices. Cisco has issued software updates to address the vulnerability; no workarounds are available.
(Bleeping Computer), (The Record)
Google pays big bucks for bug hunting
Google has launched a vulnerability reward program (VRP) offering up to $250,000 for security researchers who can execute a guest-to-host attack using a zero-day vulnerability in the KVM hypervisor. The contest, known as “kvmCTF,” allows participants to log in as a guest and attempt to exploit the KVM host kernel. KVM, an open source project included in Linux since 2007, is used by Google in its Android and Google Cloud platforms.
Japanese anime and gaming giant reeling from ransomware attack
Japanese media giant Kadokawa has confirmed a data leak following a ransomware attack last month. The company reports the breach included business partner information and the personal information of employees; however, since the company doesn’t store any credit card information, that data was not compromised. The impact of the attack extends further than just the compromised data, including the temporary shutdown of Niconico, one of the largest video posting sites in Japan. The BlackSuit ransomware gang has claimed responsibility for the attack, stating they’ve stolen 1.5 TB of the company’s data. There is no word on whether the company plans to pay the ransom.
CDK Global gives update on restoration timeline
An update to a story we’ve been following for the last two weeks: CDK Global says all car dealerships using their platform will be back online by this Thursday, July 4th. The software-as-a-service provider’s platform, which is used by over 15,000 car dealerships around North America, experienced not one but two attacks last month, forcing the company to take all IT systems offline. According to Bleeping Computer, the BlackSuit ransomware gang was tied to this attack.






