#ssh

By Deeba Ahmed In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices (in this case, vulnerable security cameras)… This is a post from HackRead.com Read the original post: New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

Comma devices running Openpilot suffered from an insecure configuration when SSH is enabled where the private key is publicly known. Additional security hardening improvements have also been made in recent releases to address other concerns as well.

During an **X25519** key exchange, the client’s private is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes]; rnd.NextBytes(_privateKey); ``` Source: [KeyExchangeECCurve25519.cs](https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51) Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3 [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random) is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. ### Impact When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the com...

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.

Red Hat Security Advisory 2022-4795-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. Issues addressed include a heap overflow vulnerability.

Red Hat Security Advisory 2022-4711-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. Issues addressed include cross site scripting and denial of service vulnerabilities.

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3807: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes * CVE-2021-23425: nodejs-trim-off-newlines: ReDoS via string processing * CVE-2021-33502: normalize-url: ReDoS for data URLs * CVE-2021-41182: jquery-ui: XSS in the altField option of the datepicker widget * CVE-2021-41183: jquer...

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.