Featured Story
CVE-2024-6387 OpenSSH regreSSHion Vulnerability
On July 1, 2024, Qualys disclosed a signal handler race condition in the OpenSSH server (sshd) on glibc-based Linux systems. The bug, named regreSSHion and tracked as CVE-2024-6387, is a regression of the 2006 flaw CVE-2006-5051: when a client fails to authenticate within LoginGraceTime, sshd's SIGALRM handler runs and calls functions such as syslog() that are not async-signal-safe, and an attacker who wins the race can obtain unauthenticated remote code execution as root. The vulnerability is rated High severity (CVSS 8.1). Qualys demonstrated a working exploit against 32-bit Linux; winning the race requires hours of sustained connection attempts against a default configuration, and 64-bit exploitation is considered feasible but has not been demonstrated.
Successful exploitation hands the attacker root on the host, which means full system compromise: installation of malware, manipulation of data, creation of persistent backdoors, and a foothold for lateral movement to other vulnerable systems within the organization.
This vulnerability impacts the following OpenSSH server versions:
- OpenSSH 8.5p1 up to, but not including, 9.8p1 (the fix for CVE-2006-5051 was accidentally removed in 8.5p1)
- OpenSSH versions earlier than 4.4p1, unless backport-patched for both CVE-2006-5051 and CVE-2008-4109
Versions from 4.4p1 up to, but not including, 8.5p1 are not affected. OpenBSD is not affected either, because its SIGALRM handler calls the async-signal-safe syslog_r() instead of syslog().
Qualys identified no fewer than 14 million potentially vulnerable OpenSSH server instances exposed to the internet. We recommend updating all OpenSSH instances to 9.8p1 or later, or to a distribution package that carries the backported fix; note that distributions backport the fix without changing the upstream version string, so the banner alone does not tell you whether a build is patched. If patching must be delayed, setting 'LoginGraceTime 0' in sshd_config (and restarting sshd) removes the vulnerable code path, because the SIGALRM handler is never armed. Be aware that this lets unauthenticated clients hold connection slots indefinitely, so the server becomes susceptible to a denial of service through exhaustion of MaxStartups.
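As an added example (not part of the original bulletin), the POSIX shell script below applies the version ranges above as a first triage filter and checks whether the LoginGraceTime workaround is in effect in a given sshd_config. Every banner and configuration line in it is a constructed sample, and the classification labels (vulnerable-range, fixed, and so on) are this example's own naming.

```shell
#!/bin/sh
# Added example, not part of the original bulletin: first-pass triage of an
# OpenSSH server against the CVE-2024-6387 version ranges from the Qualys
# advisory, plus a check of the LoginGraceTime workaround in an sshd_config.
# The banners and config text below are constructed samples; on a real host
# use the banner a client receives ("SSH-2.0-OpenSSH_..." from `nc host 22`)
# and the effective configuration printed by `sshd -T`.

# Turn "OpenSSH_9.6p1 Ubuntu-3ubuntu13.3" (with or without the "SSH-2.0-"
# protocol prefix) into a sortable integer major*10000 + minor*100 + patch,
# so 9.6p1 -> 90601. Prints nothing for banners that are not an OpenSSH
# portable release string (for example dropbear).
openssh_version_key() {
    set -- $(printf '%s\n' "$1" | sed -n \
        -e 's/^SSH-[0-9.]*-//' \
        -e 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ $# -eq 3 ] && echo $(($1 * 10000 + $2 * 100 + $3))
    return 0
}

# Classify against the ranges in the advisory:
#   <  4.4p1          legacy: vulnerable unless backport-patched for
#                     CVE-2006-5051 and CVE-2008-4109
#   4.4p1 .. < 8.5p1  not affected (the CVE-2006-5051 fix neutralised the race)
#   8.5p1 .. < 9.8p1  vulnerable range (that fix was accidentally removed in 8.5p1)
#   >= 9.8p1          fixed upstream
# Distributions backport the fix without bumping the upstream version, so
# "vulnerable-range" is a lead to confirm against the package changelog,
# not a verdict.
regresshion_status() {
    key=$(openssh_version_key "$1")
    if   [ -z "$key" ];        then echo unknown
    elif [ "$key" -lt 40401 ]; then echo legacy-check-backports
    elif [ "$key" -lt 80501 ]; then echo not-affected
    elif [ "$key" -lt 90801 ]; then echo vulnerable-range
    else                            echo fixed
    fi
}

# sshd keywords are case-insensitive and the first occurrence of a keyword
# wins; LoginGraceTime defaults to 120 seconds when absent. Prints the
# effective value from the given config text (the output of `sshd -T`, whose
# keys are lower-case, works as input too).
effective_login_grace_time() {
    v=$(printf '%s\n' "$1" | awk 'tolower($1) == "logingracetime" { print $2; exit }')
    echo "${v:-120}"
}

# Constructed sshd_config with the advisory's workaround applied. A value of 0
# disables the timeout whose SIGALRM handler is the vulnerable code path, at
# the price that idle unauthenticated connections are never dropped, so an
# attacker can exhaust MaxStartups (denial of service).
SAMPLE_SSHD_CONFIG='# constructed sample, not a real host
Port 22
#LoginGraceTime 2m
LoginGraceTime 0
MaxStartups 10:30:100
PermitRootLogin prohibit-password'

main() {
    for banner in 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3' 'OpenSSH_9.8p1' \
                  'OpenSSH_7.4p1' 'OpenSSH_4.3p2' 'SSH-2.0-dropbear_2022.83'; do
        printf '%-45s %s\n' "$banner" "$(regresshion_status "$banner")"
    done
    printf 'effective LoginGraceTime: %s\n' \
        "$(effective_login_grace_time "$SAMPLE_SSHD_CONFIG")"
}

main
```

The 9.6p1 banner in the sample lands in the vulnerable range even though several distributions shipped a patched 9.6p1 package; that is exactly why the script treats its result as a lead to verify against the vendor changelog rather than a finding.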
Other Stories
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
Cisco has patched CVE-2024-20399, a command injection vulnerability in the NX-OS CLI that the China-linked threat group Velvet Ant exploited as a zero-day. An attacker who already holds administrator credentials can abuse insufficient argument validation in certain configuration CLI commands to execute arbitrary commands as root on the underlying operating system of affected Nexus switches, without the activity appearing in system syslog messages. The flaw is not an initial-access vector on its own; its value to an intruder is turning a compromised admin account into a stealthy root foothold on the network device.
CISA has added it to the Known Exploited Vulnerabilities catalog. Cisco lists no workarounds, so organizations should apply the fixed NX-OS releases, enforce strong, unique administrator credentials, and isolate network management interfaces from general user networks.
Operation Morpheus Disrupts 593 Cobalt Strike Servers Used for Ransomware
International law enforcement agencies, working through Europol, coordinated Operation Morpheus and took down 593 malicious Cobalt Strike servers between June 24 and June 28, 2024. Cobalt Strike is a legitimate adversary-simulation tool, but cracked and unlicensed copies are a staple of cybercriminal operations.
Cobalt Strike remains a top threat despite its legitimate use: it is routinely used for command and control and lateral movement in the early stages of ransomware intrusions. Operation Morpheus shows what global cooperation can achieve in disrupting criminal infrastructure before it is used against businesses.
Look out for QR codes on electric charging points: they may be fake
Scammers are sticking fraudulent QR codes over the legitimate ones on public EV chargers. Drivers who scan them are redirected to malicious payment pages that imitate the charging operator, where attackers harvest banking credentials and card details.
This "quishing" scam is a reminder to inspect QR codes in public places (a sticker placed over the original is a warning sign), to check the URL a code opens before entering any data, and to report suspicious QR codes to suspicious@safeonweb.be.
Contact the Approach Cyber SOC team for tailored support and training programs.