
Weekly Digest Week 27 – 2024

Publication date

05.07.2024

Featured Story

CVE-2024-6387 OpenSSH RegreSSHion Vulnerability

On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers (sshd) on glibc-based Linux systems. This vulnerability, called RegreSSHion and tracked as CVE-2024-6387, can result in unauthenticated remote code execution (RCE) with root privileges. This vulnerability has been rated High severity (CVSS 8.1).

Successful exploitation can lead to a full system compromise, allowing complete system takedown, installation of malware, data manipulation, creation of backdoors and lateral movement for further exploitation of other vulnerable systems within the organization.

This vulnerability impacts the following OpenSSH server versions:

  • OpenSSH versions from 8.5p1 up to (but not including) 9.8p1
  • OpenSSH versions earlier than 4.4p1, if not backport-patched against CVE-2006-5051 or patched against CVE-2008-4109

SOC Analysis:
Qualys identified no less than 14 million potentially vulnerable OpenSSH server instances exposed to the internet. We recommend updating all OpenSSH instances to v9.8p1 or higher. If patching is delayed, setting ‘LoginGraceTime’ to 0 can reduce risk, but be aware this may make the server susceptible to DoS.
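As an added example (not part of the original digest and not Approach's own tooling), the following Python script turns the two pieces of advice above into a quick local triage check: it parses an OpenSSH version string (from `ssh -V` or an `SSH-2.0-...` banner), compares it against the affected ranges listed above, and reads `LoginGraceTime` from an sshd_config to see whether the interim mitigation is in place. The sample banner and config text are constructed for the demonstration. The 120-second default for `LoginGraceTime` comes from sshd_config(5). A version-string check cannot see distribution backports that fix the bug without changing the upstream version number, so treat the result as a triage signal and confirm against your vendor's advisory.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected ranges as stated in the digest for CVE-2024-6387:
#   - 8.5p1 up to, but not including, 9.8p1 (fixed in 9.8p1)
#   - earlier than 4.4p1, unless backport-patched (CVE-2006-5051 / CVE-2008-4109)
REGRESSION_START = (8, 5, 1)
FIXED_VERSION = (9, 8, 1)
OLD_CUTOFF = (4, 4, 1)

# Matches "OpenSSH_9.6p1" inside either an `ssh -V` line or an SSH-2.0 banner.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Uncommented LoginGraceTime directive; sshd uses the FIRST value it finds.
LOGIN_GRACE_RE = re.compile(r"^\s*LoginGraceTime\s+(\S+)", re.IGNORECASE | re.MULTILINE)
SSHD_DEFAULT_GRACE_SECONDS = 120  # default per sshd_config(5)


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, portable-patch) or None if no OpenSSH version is present."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    return (int(major), int(minor), int(p) if p else 0)


def classify_version(version: Optional[Tuple[int, int, int]]) -> str:
    """Map a version tuple onto the digest's affected ranges (version-string triage only)."""
    if version is None:
        return "unknown"
    if version < OLD_CUTOFF:
        return "affected-unless-backported"
    if REGRESSION_START <= version < FIXED_VERSION:
        return "affected"
    return "not-affected-by-version"


def login_grace_time_seconds(sshd_config: str) -> int:
    """Effective LoginGraceTime in seconds, honouring sshd's s/m/h time suffixes."""
    m = LOGIN_GRACE_RE.search(sshd_config)
    if not m:
        return SSHD_DEFAULT_GRACE_SECONDS
    value = m.group(1).lower()
    units = {"s": 1, "m": 60, "h": 3600}
    if value[-1] in units:
        return int(value[:-1]) * units[value[-1]]
    return int(value)


def assess(banner: str, sshd_config: str) -> dict:
    """Combine the version check with the LoginGraceTime mitigation status."""
    version = parse_openssh_version(banner)
    status = classify_version(version)
    grace = login_grace_time_seconds(sshd_config)
    mitigated = grace == 0
    if status.startswith("affected"):
        action = ("interim mitigation active (LoginGraceTime 0); still patch to 9.8p1+ "
                  "and expect DoS exposure" if mitigated
                  else "patch to 9.8p1 or later; LoginGraceTime 0 is an interim reduction only")
    elif status == "unknown":
        action = "could not parse OpenSSH version; check manually"
    else:
        action = "not in an affected range by version; verify vendor backports anyway"
    return {"version": version, "status": status,
            "login_grace_time": grace, "mitigated": mitigated, "action": action}


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    sample_banner = "SSH-2.0-OpenSSH_9.6p1"
    sample_config = "# hardened interim config\nPort 22\nLoginGraceTime 0\n"
    print(assess(sample_banner, sample_config))

    # Optional live check of the local client/server build; `ssh -V` prints to stderr.
    try:
        proc = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
        print("local:", classify_version(parse_openssh_version(proc.stderr + proc.stdout)))
    except FileNotFoundError:
        print("local: ssh binary not found")
```

Run it against the real `/etc/ssh/sshd_config` by reading the file into `assess()`; because sshd takes the first `LoginGraceTime` it encounters, the parser deliberately stops at the first uncommented directive rather than the last.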

Other Stories

Patch Now: Cisco Zero-Day Under Fire From Chinese APT

Cisco patched CVE-2024-20399, a command-line injection flaw exploited by China-backed threat group Velvet Ant. It allows authenticated attackers to execute commands as root via NX-OS CLI.

SOC Analysis:
CISA added this to the Known Exploited Vulnerabilities Catalog. There are no workarounds. Organizations should apply available patches, enforce strong admin credentials, and isolate network management interfaces.

Operation Morpheus Disrupts 593 Cobalt Strike Servers Used for Ransomware

International law enforcement agencies coordinated Operation Morpheus, taking down 593 malicious Cobalt Strike servers between June 24 and June 28. The tool, while legitimate, is frequently misused by cybercriminals.

SOC Analysis:
Cobalt Strike remains a top threat despite its legitimate use. Operation Morpheus shows the power of global cooperation in disrupting cybercrime infrastructure and protecting businesses.

Look out for QR codes on electric charging points: they may be fake

Scammers are placing fraudulent QR codes over legitimate ones on public EV chargers. Victims are redirected to malicious payment sites where attackers steal banking credentials.

SOC Analysis:
This "quishing" scam reminds us to always inspect QR codes in public, verify URLs before entering data, and report suspicious QR codes to suspicious@safeonweb.be.

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.
