Critical OpenSSH Vulnerability 'regreSSHion' Discovered, 'Velvet Ant' Exploits Cisco Zero-Day Vulnerability: Your Cybersecurity Roundup


Critical OpenSSH Vulnerability 'regreSSHion' Discovered, Impacting Millions of Linux Systems

A newly discovered vulnerability in the widely used OpenSSH server software, codenamed “regreSSHion” (CVE-2024-6387), has sent shockwaves through the cybersecurity community. This critical flaw, which enables unauthenticated remote code execution on vulnerable Linux systems, could potentially grant attackers full root access and allow them to bypass firewalls.

While experts acknowledge the severity of the vulnerability, they emphasize that exploitation is not straightforward and requires specific conditions to be met. The bug stems from a timing issue: it is a regression of a previously patched vulnerability that was reintroduced in 2020. A successful attack requires a sustained effort, often taking hours or even weeks.

Despite the difficulty of exploitation, the prevalence of OpenSSH in the digital infrastructure raises concerns about the potential impact of this vulnerability. Approximately 14 million OpenSSH server instances are estimated to be exposed to the internet, making them potential targets for malicious actors.

OpenSSH maintainers have released security updates to mitigate the risk, and users are strongly urged to patch their systems promptly. Additional security measures, such as limiting SSH access and enforcing network segmentation, can reduce the risk of unauthorized access and lateral movement.
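For defenders who need to find exposed OpenSSH servers that still need the update, the first inventory step is usually a banner check. The following Python snippet is an added example and not part of the roundup or of OpenSSH itself: it parses the RFC 4253 identification string a server sends and flags upstream versions in the range the public CVE-2024-6387 advisory lists as affected (8.5p1 up to, but not including, 9.8p1, plus pre-4.4p1 builds lacking the CVE-2006-5051 fix). The sample banners are constructed, not captured from real hosts. The result is deliberately labelled "possibly-vulnerable" rather than "vulnerable", because distributions often backport the fix without bumping the upstream version string, so a flagged host must be confirmed against its package changelog.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample banners (not from any real host). Format per RFC 4253
# section 4.2: "SSH-protoversion-softwareversion SP comments".
SAMPLE_BANNERS: List[str] = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-dropbear_2022.83",
]

# Matches "OpenSSH_9.6p1"; the portable-release suffix "pN" is optional.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

Version = Tuple[int, int, int]


def parse_openssh_version(banner: str) -> Optional[Version]:
    """Return (major, minor, portable) parsed from an SSH identification
    string, or None when the server does not identify as OpenSSH.
    A missing 'pN' suffix is treated as p0 so tuple comparison stays sane."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable or 0))


def regresshion_affected(version: Version) -> bool:
    """Upstream version ranges affected by CVE-2024-6387, assumed from the
    public advisory (not stated in the roundup): 8.5p1 <= v < 9.8p1, and
    releases before 4.4p1 that never received the CVE-2006-5051 fix."""
    return (8, 5, 1) <= version < (9, 8, 1) or version < (4, 4, 1)


def triage(banner: str) -> str:
    """Classify one banner. 'possibly-vulnerable' means the upstream version
    is in the affected range; distro backports can fix the bug without
    changing this string, so confirm against the installed package."""
    version = parse_openssh_version(banner)
    if version is None:
        return "not-openssh"
    if regresshion_affected(version):
        return "possibly-vulnerable"
    return "not-affected"


def triage_all(banners: List[str]) -> Dict[str, str]:
    """Triage a list of banners, keyed by banner, for a quick inventory view."""
    return {b: triage(b) for b in banners}


if __name__ == "__main__":
    for banner, verdict in triage_all(SAMPLE_BANNERS).items():
        print(f"{verdict:20s} {banner}")
```

In practice the banner comes from the first line a host returns on TCP/22 (for example via `ssh -V`-style inventory tooling or a TCP connect and `recv` in the same script); the classification logic above is independent of how it was collected.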

Microsoft Warns of Critical Vulnerabilities in Rockwell Automation PanelView Plus

Microsoft’s security researchers have sounded the alarm over two critical vulnerabilities discovered in Rockwell Automation’s PanelView Plus, a widely used human-machine interface (HMI) in industrial settings. The vulnerabilities, identified as CVE-2023-2071 and CVE-2023-29464, could be exploited by malicious actors to remotely execute code or initiate denial-of-service (DoS) attacks, potentially causing significant disruption to industrial processes and infrastructure.

CVE-2023-2071, rated 9.8 out of 10 on the CVSS severity scale, is an improper input validation vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the targeted device. This could lead to a complete compromise of the system, allowing the attacker to steal sensitive data, install additional malware, or sabotage operations.

CVE-2023-29464, while less severe with a CVSS score of 8.2, still poses a serious risk. This vulnerability, also stemming from improper input validation, could be exploited to read data from memory or trigger a DoS condition, rendering the device unresponsive and disrupting industrial processes.

Rockwell Automation has already released patches to address these vulnerabilities in September and October 2023, respectively. However, the recent exploitation of a similar flaw in the HTTP File Server emphasizes the importance of promptly applying these updates. Unpatched PanelView Plus devices remain susceptible to attacks, leaving critical infrastructure vulnerable to compromise.

Brazil Bans Meta from Using User Data for AI Training Citing Privacy Concerns

Brazil’s data protection authority, the ANPD, has temporarily banned Meta from using its users’ personal data for AI training purposes. This decision follows Meta’s recent update to its terms, which allowed it to use public content from Facebook, Instagram, and Messenger to train its AI algorithms. The ANPD found the updated terms to be in violation of Brazil’s General Personal Data Protection Law, citing concerns about lack of transparency, inadequate legal basis, and potential risks to children and adolescents. 

This move by Brazil is not isolated. Meta has faced similar resistance in the European Union, prompting the company to pause its AI training plans in the region without explicit user consent. The company’s president of global affairs has criticized the EU’s stance as a hindrance to innovation. 

Meanwhile, Cloudflare has launched a new tool to prevent AI bots from scraping content for LLM training, further highlighting the growing concerns around data privacy and AI development.

Chinese Espionage Group 'Velvet Ant' Exploits Cisco Zero-Day Vulnerability in Sophisticated Cyberattack

Cybersecurity firm Sygnia has revealed a targeted attack by the Chinese state-sponsored espionage group, Velvet Ant, exploiting a previously unknown vulnerability in Cisco’s NX-OS Software. This zero-day flaw, designated as CVE-2024-20399, was found within Cisco Nexus switches, crucial components of network infrastructure.

The vulnerability allows authenticated attackers to execute arbitrary commands with root privileges, providing them with extensive control over compromised devices. Velvet Ant leveraged this flaw to deploy custom malware, enabling remote access, file uploads, and code execution on the targeted switches.

Sygnia’s discovery came during a larger forensic investigation into Velvet Ant’s activities, revealing a pattern of sophisticated cyber espionage tactics employed by the group. Cisco, alerted to the vulnerability in April 2024, has since released patches to address the issue.


The exploitation of this zero-day highlights the ongoing cat-and-mouse game between cybersecurity professionals and state-sponsored actors. It emphasizes the importance of robust security measures, particularly for critical network devices like switches, which are often overlooked as potential entry points for attackers. 

Furthermore, the incident underscores the challenges of detecting and investigating malicious activity on network appliances due to the lack of monitoring and centralized logging. As cyber threats continue to evolve, organizations must remain vigilant and adopt proactive measures to safeguard their infrastructure and data.