Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ouch! Might want to check those appliances that could well have issues with patching…

TL; DR – Multiple versions of OpenSSH are vulnerable to remote code execution. There is no working public PoC, and researchers have only been able to exploit the vulnerability under unique lab conditions. Cato Sockets by default do NOT have a publicly exposed SSH interface, it is always recommended to keep Cato Sockets LAN interface exposed only internally and use comprehensive network access controls to manage SSH access.

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims.

Data breaches, leaks, hacks, and compromised passwords pose a real threat to our data. If you don’t take action to protect your sensitive data, you are leaving your information exposed to hackers who could: Although many data breaches occur due to factors outside your control, it’s still important to protect your data to avoid it falling into the wrong hands. The best way to do this is by choosing from the numerous secure cloud storage services in 2024.

The two policy settings in the CIS Benchmarks control the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). By enabling the policy settings, users with anonymous connections will not be able to enumerate domain account user names on the systems in your environment.

Read also: “Evil Twin” hacker arrested for stealing the personal data, a former IT-employee indicted for a breach affecting 1M patients, and more.

Over the last half-decade or more, the prevalence of cyberattacks on the government has only increased. Moreover, it’s not just attacks on the government agencies themselves that matter, but also attacks against the contractors and subcontractors working with those government agencies.

Recently, Qualys identified a new remote unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, nicknamed regreSSHion (CVE-2024-6387).