#ssh

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker’s SSH public key in the root user’s authorized_keys file," software supply

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,"

### Impact When using the recommended "best-effort" mode, Go-Landlock did not restrict the TCP bind() and connect() operations any more when they were requested. This affects Go-Landlock users to whom both of the following conditions apply: * They use Landlock rulesets that are supposed to restrict networking (through `landlock.V4`, `landlock.V5`, or self-configured). * These Landlock rulesets are used in best-effort mode. Typically, affected code uses the Go-Landlock API like this (the crucial part being the combination of `V4`/`V5` and `.BestEffort()`): ``` err := landlock.V5.BestEffort().Restrict(...) ``` * This is a bug in the Go-Landlock library and does not affect programs that use Landlock via C or other language bindings. * The bug only affects networking restrictions. File system restrictions continue to work as expected. ### Patches Patched in: https://github.com/landlock-lsm/go-landlock/commit/fb3ad845df462d013f9c8a965c496617c6a5778b Users should upgrade to: v0.0.0-202...

The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell.

NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric…

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.