Cisco says VPN and SSH services will be hit

Apr 18 2024

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s keeping its eye on the cyberwarfare abroad like it’s Benjamin Netanyahulu 👀🙃😂

 Today’s hottest cybersecurity news stories:

  • ⚠️ Warning! Cisco says VPN and SSH services will be hit w/ attacks 💥

  • 👨‍💻 PuTTY SSH client has been found wanting. Key recovery attacks galore 😳

  • 🍯 Hive Rat responsible for $3.5M crypto-jack arrested by the buzz. Sorry, fuzz 👮

You gotta be Cisco Kidding me 👀😏💀

🚨 Global Surge in Brute-Force Attacks: Cisco Issues Warning 🔒

🌐 Cisco has sounded the alarm regarding a worldwide spike in brute-force attacks targeting a variety of devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, dating back to at least March 18, 2024.

📈 "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," reported Cisco Talos.

🔓 Successful breaches could lead to unauthorised network access, account lockouts, or denial-of-service conditions, cautioned the cybersecurity company.

🎯 The attacks, described as broad and opportunistic, have been observed targeting several devices, including:

  • Cisco Secure Firewall VPN

  • Checkpoint VPN

  • Fortinet VPN

  •  SonicWall VPN

  •  RD Web Services

  •  Mikrotik

  •  Draytek

  • Ubiquiti

🔍 Cisco Talos identified the brute-force attempts as utilising both generic and valid usernames, indiscriminately targeting various sectors globally.

🔑 The source IP addresses for the attacks are commonly linked with proxy services, including TOR, VPN Gate, IPIDEA Proxy, and others. A full list of indicators associated with the activity can be found here.

🔔 This development follows Cisco's warning of password spray attacks on remote access VPN services and a report from Fortinet FortiGuard Labs detailing ongoing exploitation of a patched security flaw in TP-Link Archer AX21 routers.

🔒 "As usual, botnets relentlessly target IoT vulnerabilities, continuously attempting to exploit them," remarked security researchers Cara Lin and Vincent Li. "Users should be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection, preventing them from becoming bots for malicious threat actors."

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Don’t let yourselves be PuTTY in the hands of hackers! 💩🤲💀

🚨 Critical Vulnerability Alert: PuTTY SSH and Telnet Client at Risk 🔑

🔥 The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are issuing a critical warning to users of versions 0.68 through 0.80 due to a vulnerability that could lead to full recovery of NIST P-521 private keys.

🔒 Assigned the CVE identifier CVE-2024-31497, the flaw was discovered by researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum.

💥 "The effect of the vulnerability is to compromise the private key," stated the PuTTY project in an advisory.

🛡️ "An attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key, allowing them to forge signatures as if they were from you," they added.

🔍 Bäumer detailed the flaw as originating from the generation of biassed ECDSA cryptographic nonces, enabling full secret key recovery in roughly 60 signatures.

🛠️ Besides PuTTY, the vulnerability affects other products such as FileZilla, WinSCP, TortoiseGit, and TortoiseSVN, all incorporating vulnerable versions of the software.

🔧 Following responsible disclosure, fixes have been implemented in PuTTY 0.81, FileZilla 3.67.0, WinSCP 6.3.3, and TortoiseGit Users of TortoiseSVN are advised to utilise Plink from the latest PuTTY 0.81 release when accessing SVN repositories via SSH until a patch is available.

🔐 Specifically, the issue has been addressed by adopting the RFC 6979 technique for all DSA and ECDSA key types, replacing the earlier method prone to biassed nonces when using P-521.

🔒 PuTTY developers emphasised revoking compromised ECDSA NIST-P521 keys from SSH servers to mitigate risks associated with the vulnerability.

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

A Hive of RATs. Is there anything worse? 🐝🐀😨

🚨 Arrests Made in Connection to Hive RAT Scheme: DoJ Issues Warnings 🚔

🔥 Two individuals have been apprehended in Australia and the U.S. linked to an alleged plot involving the development and dissemination of a remote access trojan dubbed Hive RAT (formerly Firebird).

🛡️ The U.S. Justice Department (DoJ) revealed that the malware bestowed control over victim computers, enabling access to private communications, login credentials, and personal data.

🔒Edmond Chakhmakhchyan (aka "Corruption"), 24, from Los Angeles, California, faces charges of conspiracy and advertising an interception device. He allegedly marketed Hive RAT licences on cybercrime forums and provided customer support.

🔍 Hive RAT grants capabilities including program termination, file browsing, keystroke logging, and credential theft from victims' machines surreptitiously.

🛠️ Meanwhile, in Australia, charges were brought against an unnamed individual involved in the creation and sale of Hive RAT. The suspect faces multiple offences carrying up to three years imprisonment each.

🔒 "Remote Access Trojans are one of the most harmful cyber threats in the online environment," remarked AFP Acting Commander Cybercrime Sue Evans. "Once installed onto a device, a RAT can provide criminals with full access and control."

💸 In another cybercrime development, Charles O. Parks III (aka "CP3O"), 45, was indicted in the U.S. for orchestrating an illegal cryptojacking operation defrauding cloud computing providers out of millions of dollars in computing resources.

🔍 Parks exploited various aliases and email addresses to register accounts with cloud providers, syphoning computing power to mine cryptocurrencies like Ether, Litecoin, and Monero.

💰 The illicit proceeds were laundered through cryptocurrency exchanges and traditional bank accounts, funding lavish purchases including luxury cars and jewellery.

🔥 "Parks tricked the providers into approving heightened privileges and benefits, and deflected inquiries regarding questionable data usage," stated the DoJ.

Hopefully some good news tomorrow, folks 😬 Although, we had an arrest at least… Every cloud 🌈

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles