Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and...

CVE-2023-36654

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...

cloud-init security, bug fix, and enhancement update

23.1.1-10.0.1 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Add IPv6 IMDS and dhcp6 support for Oracle Datasource Orabug: 35470783 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permissions Orabug: 35302985 - Update detection logic...

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2023:6943 Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Moderate: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update

An update for cloud-init is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ALSA-2023:6371 Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Moderate: cloud-init security, bug fix, and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: sensitive data could be exposed in logs CVE-2023-1786...

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer,...

TeamCity Server < 2022.10.3 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2022.10.3. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible...

SUSE CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorizedkeys file...

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far:...

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt, related to the lack of security measures for the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

Prometheus API Information Gather

This module utilizes Prometheus' API calls to gather information about the server's configuration, and targets. Fields which may contain credentials, or credential file names are then pulled out and printed. Targets may have a wealth of information, this module will print the following values whe...

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf,"...

CVE-2023-37426

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host...

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

auto-cve-2022-44268 Automating expl...

CVE-2023-25187

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...