Lightning Framework, modular Linux malware

Researchers at Intezer have published a technical analysis of Lightning Framework, a previously undocumented and undetected Linux threat. Lightning is a modular framework that is very versatile and something we don’t see very often in the Linux space. The old argument that Linux systems or Macs f...

AlmaLinux 8 : curl (5313) (ALSA-2022:5313)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5313 advisory. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without...

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

Hardcoded credentials

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

Design/Logic Flaw

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

CVE-2022-24657

CVE-2022-24657 affects Goldshell ASIC Miners v2.1.x, where hardcoded credentials enable remote SSH access (port 22). The root cause is the presence of embedded credentials in the device firmware, as documented across multiple sources in the connected set (NVD/Red Hat/CVE listings, CNNVD). Impact ...

CVE-2022-24657

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...

CVE-2022-36321

JetBrains TeamCity prior to 2022.04.2 suffers a log leakage vulnerability where a private SSH key can be written to build logs under certain conditions. Affected product: JetBrains TeamCity. Root cause: sensitive private key exposure in log output. Impact: potential confidentiality loss of privat...

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

USN-5526-1: PyJWT vulnerability

Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature...

Huawei EulerOS: Gather Applied HotFix (SSH Login)

Gathers information about applied HotFixes/Livepatches for EulerOS via the provided Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVE-2022-32985

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201...

CVE-2022-32985

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201...

Code injection

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201...

CVE-2022-32985

libnxapl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201...

CVE-2022-32985

CVE-2022-32985 affects Nexans FTTO GigaSwitch industrial/office switches (HW v5) through vulnerable libnx_apl.so; SEC Consult and Red Hat/NVD describe a hardcoded backdoor account enabling SSH logins on ports 50200/50201. The issue stems from outdated components in HW version 5, with fixed versio...

[SECURITY] Fedora 35 Update: vultr-1.15.0-9.fc35

Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command...