Featured Story
Terrapin Flaw Weakens SSH Protocol Security
Researchers at Ruhr University Bochum have disclosed CVE-2023-48795 – a vulnerability known as the Terrapin attack, which targets SSH implementations by exploiting prefix truncation during key exchange.
The flaw allows man-in-the-middle attackers to downgrade the security of SSH connections without detection. Affected implementations include OpenSSH, PuTTY, FileZilla, WinSCP, and others. Patches have been released, but over 11 million SSH servers remain exposed.
Terrapin requires MITM access (e.g. on public Wi-Fi). Protect your infrastructure by:
1. Patching SSH clients and servers
2. Disabling weak algorithms
3. Enforcing key-based auth or strong passwords
4. Blocking SSH access from the internet (via VPN)
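As an added illustration of step 2 (my own code, not from the page or its SOC team), the script below audits the global section of an OpenSSH sshd_config for the two algorithm families Terrapin abuses, chacha20-poly1305@openssh.com and CBC ciphers paired with encrypt-then-MAC MACs; the two sample configs, the function names and the finding wording are constructed for this example. Patching both ends remains the real fix; removing these algorithms is the stop-gap where one side cannot be updated.

```python
import re

# Constructed sample configs (not from any real host) used to drive the audit.
WEAK_CONFIG = """\
Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-cbc
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""
HARDENED_CONFIG = """\
Port 22
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""
CHACHA = "chacha20-poly1305@openssh.com"

def directive(config, name):
    """Value of the first top-level occurrence of a directive (the one sshd honours),
    or None when it is absent and the compiled-in default list applies."""
    for line in config.splitlines():
        if re.match(r"\s*Match\b", line, re.IGNORECASE):
            break  # only the global section is audited, not per-Match overrides
        m = re.match(rf"\s*{name}\s+(\S+)", line, re.IGNORECASE)
        if m:
            return m.group(1)
    return None

def terrapin_findings(config):
    """List the algorithm choices Terrapin (CVE-2023-48795) can abuse:
    ChaCha20-Poly1305, and any CBC cipher paired with an Encrypt-then-MAC MAC."""
    findings = []
    ciphers, macs = directive(config, "Ciphers"), directive(config, "MACs")
    if ciphers is None or ciphers[0] in "+^":  # default list (which has ChaCha20) still in play
        chacha_on = True
        cipher_list = [] if ciphers is None else ciphers[1:].split(",")
    elif ciphers[0] == "-":  # default list minus the removed entries (no CBC in defaults)
        chacha_on, cipher_list = CHACHA not in ciphers[1:].split(","), []
    else:  # explicit, pinned list
        cipher_list = ciphers.split(",")
        chacha_on = CHACHA in cipher_list
    if chacha_on:
        findings.append(f"{CHACHA} is enabled (explicitly or via the default list)")
    cbc = [c for c in cipher_list if c.endswith("-cbc")]
    # The default MAC list contains *-etm@openssh.com entries, so an absent MACs line or
    # any '+', '^' or '-' edit of the defaults is conservatively treated as leaving EtM on.
    etm_possible = macs is None or macs[0] in "+^-" or any(
        m.endswith("-etm@openssh.com") for m in macs.split(","))
    if cbc and etm_possible:
        findings.append(f"CBC cipher(s) {','.join(cbc)} usable with an Encrypt-then-MAC MAC")
    return findings
```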
A deeper blog post is coming soon from our SOC team. Stay tuned!
Other Stories
Malware Abuses Google OAuth to Hijack Accounts
Info-stealers like Lumma and Rhadamanthys exploit an undocumented Google OAuth endpoint named “MultiLogin” to restore expired session cookies—gaining unauthorized access to accounts even after password resets or logouts.
This exploit reinforces the need for phishing-resistant MFA, tighter session security, and better detection for abnormal session behavior. Users should stay alert and use secure authentication options wherever possible.
Malicious PyPI Packages Target Linux with Crypto Miners
Three malicious packages—modularseven, driftme, and catme—were removed from PyPI after they were found to deploy Linux-based crypto miners upon install.
Always vet open-source packages before use. Organizations should scan dependencies, monitor behavior post-install, and isolate build environments to mitigate the risk of malicious package use.
AXA Belgium Alerts Public to Fake Life Insurance Emails
AXA Belgium warns of phishing emails claiming recipients are life insurance beneficiaries. The emails request sensitive documents and impersonate AXA using sender addresses such as axa.avie@gmail.com and contact@aixavie.com.
Do not engage with suspicious insurance-related emails. Forward such messages to suspicious@safeonweb.be and delete them immediately to avoid identity theft.