CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 80: May 13 2024

https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/ 

https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/ 

https://nvd.nist.gov/vuln/detail/CVE-2024-31497 

https://securityaffairs.com/162823/cyber-crime/lockbit-ransomware-admin-identified.html 

https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned 

https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ 

https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/ 

Citrix warns admins to mitigate PuTTY Bug

  • Citrix
  • Admins have to manually mitigate a PuTTY SSH client vulnerability
  • Could allow attackers to steal a XenCenter admin's private SSH key
  • Not a biggy, as long as you act on it
  • Exposure is through the "Open SSH Console" button, which launches the PuTTY bundled with XenCenter
  • Affects multiple versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR
  • XenCenter
  • Manages Citrix Hypervisor environments
  • Deploying and monitoring virtual machines
  • CVE-2024-31497
  • No CVSS score yet
  • Flaw
  • Cryptographic flaw: PuTTY generates biased ECDSA nonces, and only NIST P-521 (ecdsa-sha2-nistp521) keys are affected
  • About 60 signatures are enough
  • Logins count: every SSH login with the key hands the server a signature, so a malicious or compromised server (or a pile of signed git commits) can collect them
  • Used to recover the private key from those signatures, not to decrypt anything
  • PuTTY
  • Versions 0.68 through 0.80
  • Citrix
  • XenCenter 8.2.7 and later will no longer bundle PuTTY
  • The Fix?
  • Don't use "Open SSH Console"?
  • Then just delete the PuTTY component
  • Do use it?
  • Replace PuTTY with a newer version
  • 0.81 or greater
  • Don't use XenCenter but do use PuTTY?
  • Update PuTTY!
  • Either way: a P-521 key that was ever used from a vulnerable PuTTY should be treated as compromised. Generate a new key and remove the old public key from every authorized_keys file; updating alone does not un-leak it
  • Don't use either!
  • What kind of tech are you?
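Two triage checks that go with the fix steps above, as an added example (this is not Citrix's, PuTTY's or the podcast's code): is a PuTTY version string inside the affected 0.68 through 0.80 range, and which keys in an authorized_keys file or a .ppk file are ecdsa-sha2-nistp521, the only key type the biased nonces affect. The authorized_keys and .ppk samples are constructed for the example; the key material in them is not real.

```python
"""Added example for the PuTTY/XenCenter story (not Citrix's, PuTTY's or the
podcast's code). Two quick triage checks for CVE-2024-31497:

  1. Is a PuTTY version string inside the affected range 0.68 through 0.80?
  2. Which keys are ecdsa-sha2-nistp521, the only key type the biased nonces affect?
     Those keys must be regenerated and their public halves removed from
     authorized_keys; updating PuTTY alone does not un-leak a key already used.

The authorized_keys and .ppk samples below are constructed (not real key material).
"""
import re

AFFECTED_MIN = (0, 68)
AFFECTED_MAX = (0, 80)
VULNERABLE_KEY_TYPE = "ecdsa-sha2-nistp521"

# Key type token, base64 blob, optional comment; an options field may precede the type.
KEY_LINE_RE = re.compile(
    r"(?:^|\s)(ecdsa-sha2-nistp521)\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$"
)


def parse_putty_version(version: str) -> tuple:
    """Turn '0.80', 'Release 0.80' or '0.81' into a comparable (major, minor) tuple."""
    m = re.search(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised PuTTY version string: {version!r}")
    return (int(m.group(1)), int(m.group(2)))


def is_vulnerable_putty_version(version: str) -> bool:
    """True for 0.68 through 0.80 inclusive; 0.81 and later carry the fix."""
    return AFFECTED_MIN <= parse_putty_version(version) <= AFFECTED_MAX


def find_p521_keys(authorized_keys: str) -> list:
    """Return (line_number, comment) for every nistp521 entry in authorized_keys text."""
    findings = []
    for lineno, line in enumerate(authorized_keys.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line
        m = KEY_LINE_RE.search(line)
        if m:
            findings.append((lineno, (m.group(3) or "").strip()))
    return findings


def ppk_needs_rotation(ppk_text: str) -> bool:
    """A .ppk file names its algorithm on line 1, e.g.
    'PuTTY-User-Key-File-3: ecdsa-sha2-nistp521'. Flag that algorithm."""
    first = ppk_text.splitlines()[0] if ppk_text.strip() else ""
    if not first.startswith("PuTTY-User-Key-File-"):
        return False
    return first.partition(":")[2].strip() == VULNERABLE_KEY_TYPE


# Constructed sample: two P-521 keys (one behind an options field) among other types.
SAMPLE_AUTHORIZED_KEYS = """\
# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRlc3RrZXkx admin@laptop
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAI ops@xencenter
from="10.0.0.5",no-pty ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAI backup@vault
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAI dev@box
"""

if __name__ == "__main__":
    for v in ("0.67", "0.68", "0.80", "0.81"):
        print(v, "vulnerable" if is_vulnerable_putty_version(v) else "ok")
    for lineno, comment in find_p521_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"rotate P-521 key on line {lineno}: {comment}")
```

Run it against the real files: PuTTY's version is on its About dialog or the first line of `putty -V`, and the authorized_keys check belongs on every server those admins log in to, not just the XenCenter workstation.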

 

LockBit Admin Identified

  • Identified
  • Administrator and developer of LockBit
  • FBI, UK National Crime Agency, and Europol
  • Announced the identity of the LockBit admin
  • "LockBitSupp" or "PutinKrab"
  • Russian national (wow!)
  • Dmitry Yuryevich Khoroshev
  • Age 31
  • From Voronezh, Russia
  • Jail!? Even worse
  • Sanctions
  • Asset freezes and travel bans
  • USA!
  • $10 million for info
  • Leading to arrest and/or conviction
  • Privacy centric
  • LockBitSupp himself had offered $10 million to anyone who could identify him
  • Previously
  • LockBit
  • Ransomware-as-a-service (RaaS)
  • February 2024 (big news story)
  • Infrastructure seized in an international raid (Operation Cronos)
  • Including the dark web leak site
  • What they found
  • June 2022 to February 2024
  • Over 7,000 attacks built using LockBit's services
  • More than 100 hospitals hit
  • 2,500 decryption keys recovered
  • Contacting victims
  • You know...sure that's helpful months afterwards
  • Everything you say bounces off me and sticks to you
  • New site
  • But just not the same

Dell API used to steal 49 million records

  • BreachForums
  • Clear web/dark web marketplace
  • Dell
  • Started sending out notifications to customers
  • After the threat actor (Menelik) put the data up for sale
  • “We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell,” reads a Dell data breach notification.
  • Data "leaked"
  • Name, physical address
  • Dell hardware and order information
  • Service tag, item description, date of order, and related warranty information
  • API abused
  • Menelik registered as a partner
  • Used fake company information
  • Approved 2 days later without any verification
  • Once approved
  • Wrote a program to generate 7-character service tags (short and guessable, so walking the whole space is cheap)
  • Scraped the information the API returned for each tag
  • No rate limiting (apparently)
  • Roughly 5,000 requests per minute for nearly 3 weeks
  • Records
  • Monitors: 22,406,133
  • Alienware Notebooks: 447,315
  • Chromebooks: 198,713
  • Inspiron Notebooks: 11,257,567; Desktops: 1,731,767
  • Latitude Laptops: 4,130,510
  • Optiplex: 5,177,626
  • Poweredge: 783,575
  • Precision Desktops: 798,018; Notebooks: 486,244
  • Vostro Notebooks: 148,087; Desktops: 37,427
  • Xps Notebooks: 1,045,302
  • XPS/Alienware desktops: 399,695
  • Told Dell...you know, after
  • Emails on April 12 and 14
  • Dell didn't respond (but says it had already detected the activity before the emails)
  • Hole closed about 2 weeks later
  • For sale
  • Only selling it to one buyer (per the post)
  • An earlier listing was taken down (dead link)
  • Gives away some sample data to show what he has
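The detection Dell's portal apparently lacked, as an added example (not Dell's code or the podcast's): bucket lookup-API requests per partner account per minute and flag the two signatures of tag enumeration described above, too many distinct service tags from one account and a high share of lookups for tags that do not exist. The log format, partner IDs, timestamps and thresholds are all constructed or assumed for the example.

```python
"""Added example for the Dell story (not Dell's code or the podcast's). Detection a
platform owner would want on a partner-facing lookup API: one account walking
through guessable 7-character service tags at thousands of requests a minute.

Log format, partner IDs, timestamps and thresholds are constructed/assumed:
    <ISO timestamp> partner=<id> GET /warranty/<service_tag> <http status>
"""
from collections import defaultdict
from datetime import datetime

# Assumed thresholds, not Dell's figures.
MAX_DISTINCT_TAGS_PER_MINUTE = 60   # a human checking warranties never gets near this
MAX_NOT_FOUND_RATIO = 0.5           # guessed tags mostly do not exist -> lots of 404s
MIN_REQUESTS_FOR_RATIO = 20         # do not judge a ratio on a handful of requests


def parse_line(line: str) -> tuple:
    """Split one constructed log line into (timestamp, partner, service_tag, status)."""
    ts_s, partner_s, _method, path, status_s = line.split()
    ts = datetime.fromisoformat(ts_s)
    partner = partner_s.split("=", 1)[1]
    tag = path.rsplit("/", 1)[1]
    return ts, partner, tag, int(status_s)


def find_enumerators(log_lines) -> dict:
    """Bucket requests per (partner, minute) and flag buckets that look like scraping.

    Returns {partner: [reason, ...]} for partners that tripped at least one rule."""
    buckets = defaultdict(lambda: {"tags": set(), "total": 0, "notfound": 0})
    for line in log_lines:
        ts, partner, tag, status = parse_line(line)
        b = buckets[(partner, ts.replace(second=0, microsecond=0))]
        b["tags"].add(tag)
        b["total"] += 1
        if status == 404:
            b["notfound"] += 1

    flagged = defaultdict(list)
    for (partner, minute), b in sorted(buckets.items(), key=lambda kv: kv[0]):
        distinct = len(b["tags"])
        if distinct > MAX_DISTINCT_TAGS_PER_MINUTE:
            flagged[partner].append(
                f"{distinct} distinct service tags in minute {minute:%Y-%m-%d %H:%M}")
        if b["total"] >= MIN_REQUESTS_FOR_RATIO:
            ratio = b["notfound"] / b["total"]
            if ratio > MAX_NOT_FOUND_RATIO:
                flagged[partner].append(
                    f"{ratio:.0%} of {b['total']} lookups were 404 in minute {minute:%H:%M}")
    return dict(flagged)


def make_sample_log() -> list:
    """Constructed traffic: a normal partner doing five lookups, and a scraper walking
    sequential tags (most of which do not exist) inside the same minute."""
    lines = []
    for i in range(5):
        lines.append(f"2024-04-10T09:00:{i:02d} partner=partner-42 GET /warranty/7KQ2M1X 200")
    for i in range(200):
        status = 404 if i % 10 < 7 else 200   # ~70% of guessed tags are misses
        lines.append(
            f"2024-04-10T09:00:{i % 60:02d} partner=partner-999 GET /warranty/A{i:06d} {status}")
    return lines


if __name__ == "__main__":
    for partner, reasons in find_enumerators(make_sample_log()).items():
        print(partner)
        for r in reasons:
            print("  -", r)
```

Alerting is the cheap half; the other half is per-account rate limiting on the endpoint and a partner onboarding step that actually verifies the company before the API key works.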

Hackers exploit WordPress LiteSpeed flaw

  • LiteSpeed Cache plugin
  • Speeds up page loads
  • Improves visitor experience
  • Boosts Google Search ranking
  • 5 million sites use it
  • WPScan
  • By Automattic
  • Saw increased activity from threat actors in April
  • Scanning for and compromising
  • LiteSpeed Cache versions older than 5.7.0.1
  • 1 IP
  • 94[.]102[.]51[.]144
  • 1.2 million probing requests
  • Estimated sites still on a vulnerable version
  • Up to 1,835,000
  • CVE-2023-40000
  • CVSS 8.8/10
  • Unauthenticated stored cross-site scripting (XSS)
  • Payload is malicious JavaScript that runs in an admin's browser
  • Injects code into plugin files
  • Injects the script into the database
  • Creates new admin accounts
  • Named wpsupp-user or wp-configuser
  • Protect yourself
  • Keep plugins updated (LiteSpeed Cache 5.7.0.1 or later)
  • Replace abandoned plugins
  • Backups
  • Check wp_users for administrator accounts you didn't create
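The post-compromise checks that follow from the story above, as an added example (not WPScan's, LiteSpeed's or the podcast's code): compare the installed plugin version against the fixed 5.7.0.1, look for administrator accounts with the campaign's usernames or any administrator the owner does not recognise, and scan stored option values for script-like HTML, which is where a stored XSS payload lives. The user, capability and option rows are constructed for the example, shaped like rows from wp_users, wp_usermeta and wp_options; the option name litespeed.example_setting is hypothetical.

```python
"""Added example for the LiteSpeed story (not WPScan's, LiteSpeed's or the podcast's
code). Three post-compromise checks for the CVE-2023-40000 campaign:

  1. Is the installed LiteSpeed Cache older than the fixed 5.7.0.1?
  2. Are there administrator accounts with the campaign's usernames (wpsupp-user,
     wp-configuser), or any administrator the site owner does not recognise?
  3. Do stored option values (where a stored XSS payload lives) contain script or
     event-handler HTML?

Sample rows are constructed, shaped like wp_users, wp_usermeta (wp_capabilities)
and wp_options; the option name 'litespeed.example_setting' is hypothetical.
"""
import re

FIXED_VERSION = (5, 7, 0, 1)
IOC_USERNAMES = {"wpsupp-user", "wp-configuser"}   # admin names seen in the campaign
SCRIPT_RE = re.compile(r"<script\b|javascript:|\bon\w+\s*=", re.IGNORECASE)


def version_tuple(version: str) -> tuple:
    """'5.7' -> (5, 7, 0, 0) so short versions compare against the four-part fix."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (4 - len(parts))


def litespeed_is_vulnerable(installed: str) -> bool:
    """True for anything below 5.7.0.1."""
    return version_tuple(installed) < FIXED_VERSION


def suspicious_admins(users: dict, capabilities: dict, known_admins: set) -> list:
    """users: {user_id: user_login}; capabilities: {user_id: serialized wp_capabilities};
    known_admins: logins the owner expects to hold the administrator role."""
    hits = []
    for uid, login in users.items():
        if '"administrator"' not in capabilities.get(uid, ""):
            continue  # not an administrator, nothing to review here
        if login in IOC_USERNAMES:
            hits.append((login, "known campaign username"))
        elif login not in known_admins:
            hits.append((login, "administrator not in allowlist"))
    return hits


def injected_options(options: dict) -> list:
    """Option names whose value carries script-like HTML."""
    return [name for name, value in options.items() if SCRIPT_RE.search(value)]


# Constructed sample data.
SAMPLE_USERS = {1: "siteowner", 7: "wpsupp-user", 8: "editor1", 9: "contractor"}
SAMPLE_CAPS = {
    1: 'a:1:{s:13:"administrator";b:1;}',
    7: 'a:1:{s:13:"administrator";b:1;}',
    8: 'a:1:{s:6:"editor";b:1;}',
    9: 'a:1:{s:13:"administrator";b:1;}',
}
SAMPLE_OPTIONS = {
    "blogname": "My Site",
    "siteurl": "https://example.com",
    # hypothetical option name holding a constructed injected script
    "litespeed.example_setting": '<script src="https://example.invalid/x.js"></script>',
}

if __name__ == "__main__":
    print("vulnerable:", litespeed_is_vulnerable("5.7"))
    for login, why in suspicious_admins(SAMPLE_USERS, SAMPLE_CAPS, {"siteowner"}):
        print("review admin", login, "-", why)
    for name in injected_options(SAMPLE_OPTIONS):
        print("injected option:", name)
```

Feed it real rows with a database export or WP-CLI output; a hit on an unknown administrator or a script in an option value means restoring from a backup taken before the April activity, not just deleting the account.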
