Cyber Dispatch #4: Streamlined Cybersecurity Insights
Weekly overview of the most important cybersecurity events of the past week (Monday 24.6.2024 to Monday 1.7.2024).
In this issue:
RegreSSHion - new unauthenticated OpenSSH RCE that can give root on glibc-based Linux, with hundreds of thousands of exposed servers likely affected.
Prudential / ALPHV - Prudential Financial confirms over 2.5 million individuals affected by its February breach.
TeamViewer / Cozy Bear - Russian APT29 breaches the software company's corporate IT environment.
Indonesian National Data Center / Brain Cipher - new LockBit 3.0-based ransomware wreaks havoc in Indonesia.
Cisco / Velvet Ant - an NX-OS zero-day, patched by Cisco, exploited by a Chinese state-sponsored group.
Ollama - a critical RCE vulnerability in the AI model-serving platform, disclosed and patched.
Operation First Light - international law enforcement arrests nearly 4,000 suspects in online scam operations.
Vulnerability of the Week - CVE-2024-6387 (RegreSSHion)
A new unauthenticated remote code execution (RCE) vulnerability in OpenSSH, "regreSSHion," yields root privileges on glibc-based Linux systems. Reported to the OpenSSH maintainers by Qualys in May 2024 and published on July 1, CVE-2024-6387 is a signal handler race condition in sshd. If a client does not authenticate within LoginGraceTime (120 seconds by default), sshd's SIGALRM handler runs and calls functions that are not async-signal-safe, including syslog(), whose internal malloc()/free() calls can be interrupted mid-operation and leave the heap in a corrupted state that an attacker can exploit. The name reflects that this is a regression: the same bug was fixed in 4.4p1 as CVE-2006-5051 and was accidentally reintroduced in 8.5p1 (October 2020), so OpenSSH Portable 8.5p1 through 9.7p1 is affected and 9.8p1 fixes it. Native OpenBSD is not affected because its handler uses the async-signal-safe syslog_r(). Around 7.3 million SSH servers are exposed to the threat.
Exploiting this flaw could lead to full system takeover, malware installation, and data manipulation. Despite its severity, regreSSHion is hard to exploit: Qualys needed on the order of 10,000 connection attempts (roughly 6 to 8 hours) to win the race against a 32-bit system with ASLR, and exploitation of 64-bit targets has not been demonstrated, though it is believed to be feasible. Upgrade to 9.8p1 or a distribution package that backports the fix. Where that is not immediately possible, setting LoginGraceTime 0 in sshd_config removes the vulnerable code path at the cost of exposing sshd to connection-exhaustion denial of service, so pair it with MaxStartups limits and network-level restriction of port 22.
Check if you’re vulnerable to RegreSSHion on my website https://regresshion.sh/.
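The version ranges above can be turned into a quick banner triage. The following is an added example written for this dispatch, not Qualys's or OpenSSH's tooling and not the check behind regresshion.sh; it parses the sshd identification string, applies the affected ranges (before 4.4p1, and 8.5p1 up to 9.8p1), treats a banner without a "pN" suffix as native OpenBSD, and reports matches only as "likely-vulnerable" because a banner cannot reveal whether a distribution has backported the fix. The hosts, ports, and sample banners are constructed for the demo.

```python
"""Triage OpenSSH server banners against the CVE-2024-6387 version ranges.

Added example for this newsletter; not code from OpenSSH, Qualys, or regresshion.sh.
Ranges follow the public advisory: releases before 4.4p1 carry the original
CVE-2006-5051 bug, 8.5p1 through 9.7p1 reintroduced it, and 9.8p1 fixes it.
"""
import re
import socket

# "SSH-2.0-OpenSSH_9.7p1 Debian-7" -> major 9, minor 7, portable patch 1.
# The 'pN' suffix is only present on OpenSSH Portable builds.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

FIRST_FIXED_OLD = (4, 4, 1)   # fix for CVE-2006-5051
REGRESSION_FROM = (8, 5, 1)   # regression reintroduced here (October 2020)
FIXED_IN = (9, 8, 1)          # regreSSHion fix


def parse_openssh_version(banner):
    """Return (major, minor, portable_patch) or None for non-OpenSSH banners.

    portable_patch is None when the banner has no 'pN' suffix, i.e. the
    server is a native OpenBSD build rather than OpenSSH Portable.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else None)


def classify(banner):
    """Map a banner to a triage verdict. Backported fixes are invisible here,
    so a version in range is 'likely-vulnerable', not a confirmed finding."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unknown"                 # dropbear, stripped banner, etc.
    if v[2] is None:
        return "not-affected-openbsd"    # native sshd uses syslog_r()
    if v < FIRST_FIXED_OLD:
        return "likely-vulnerable"       # original CVE-2006-5051 bug
    if REGRESSION_FROM <= v < FIXED_IN:
        return "likely-vulnerable"       # regreSSHion range
    return "not-vulnerable"


def grab_banner(host, port=22, timeout=5.0):
    """Read the identification line from a live sshd (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace").strip()


if __name__ == "__main__":
    import sys
    # Hypothetical target list; pass hosts on the command line.
    for host in sys.argv[1:] or ["127.0.0.1"]:
        try:
            banner = grab_banner(host)
        except OSError as exc:
            print(f"{host}: connection failed ({exc})")
            continue
        print(f"{host}: {banner} -> {classify(banner)}")
```

Treat a "likely-vulnerable" verdict as a prompt to check the installed package's changelog (for example with `dpkg -s openssh-server` or `rpm -q --changelog openssh`) rather than as proof; a vendor that backported the 9.8p1 fix keeps the old banner.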
In other news
[Data Breach]
Prudential - ALPHV
Prudential Financial disclosed that over 2.5 million individuals were affected by its February 2024 data breach, up from an initial estimate of 36,000. The ALPHV/BlackCat ransomware gang claimed responsibility for the attack, which compromised sensitive personal information.
[Data Breach]
TeamViewer - Cozy Bear
TeamViewer confirmed a breach by Russian hacking group APT29 (Cozy Bear) in its corporate IT environment. The incident, traced to compromised employee credentials, exposed employee directory data and encrypted passwords, but did not compromise customer data or the product environment, which are segregated.
[Ransomware]
Indonesian National Data Center - Brain Cipher
Brain Cipher, a new ransomware operation, has targeted organizations globally, notably attacking Indonesia's temporary National Data Center on June 20th. This attack encrypted government servers and disrupted critical services. Brain Cipher, created partly from the leaked LockBit 3.0 builder, demanded $8 million in Monero cryptocurrency for decryption and data non-disclosure.
[Update]
Cisco - Velvet Ant
Cisco patched an NX-OS zero-day (CVE-2024-20399), a CLI command injection exploited in April by the Chinese state-sponsored group Velvet Ant to deploy custom malware on Nexus switches. The flaw allows an authenticated attacker who already holds administrator credentials to execute arbitrary commands as root on the underlying operating system, so it is a privilege-escalation and persistence issue rather than an initial-access one. Cisco advises regular credential changes for network-admin and vdc-admin users and monitoring of those accounts.
[Update]
Ollama
Cybersecurity researchers at Wiz have detailed a critical RCE vulnerability (CVE-2024-37032) in the Ollama AI model-serving platform, codenamed Probllama. The server fetches a model manifest from a registry named by the caller of the /api/pull endpoint, and the digest field of that manifest was used to build a filesystem path without validation, so a crafted digest containing path traversal sequences gives an arbitrary file write. In Docker deployments, where the server runs as root, that was enough to overwrite /etc/ld.so.preload and gain code execution. Because the Ollama API has no authentication by default, any instance reachable over the network is exposed. The issue was reported on May 5, 2024 and patched in version 0.1.34.
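The bug class is unvalidated input reaching a path. As an added example (not Ollama's code; the blob naming "sha256-<hex>" under a root directory follows Ollama's on-disk layout, but the two path builders and the BLOB_ROOT location are a simplified reconstruction for this note), the following shows the vulnerable pattern next to a hardened one that first rejects anything that is not a well-formed digest and then confirms the normalized path still lies under the blob root. The good and evil digests are constructed inputs.

```python
"""Digest validation versus path traversal, illustrating the CVE-2024-37032 bug class.

Added example for this newsletter; not Ollama's code or its actual fix.
"""
import os
import re

BLOB_ROOT = "/srv/ollama/blobs"   # assumed location for the demo

# A content digest is exactly 'sha256:' followed by 64 lowercase hex characters.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def digest_is_valid(digest):
    """Allow-list check: anything else, including '..', '/', or uppercase hex, is rejected."""
    return DIGEST_RE.fullmatch(digest) is not None


def blob_path_unsafe(root, digest):
    """Vulnerable pattern: the manifest's digest is used as a path component unchecked.

    The manifest comes from whatever registry the /api/pull caller named, so the
    digest string is attacker-controlled and '..' segments walk out of root.
    """
    return os.path.normpath(os.path.join(root, digest.replace(":", "-")))


def blob_path_safe(root, digest):
    """Hardened: validate the digest format, then verify containment under root.

    The second check is defense in depth; with the regex in place it cannot
    fire, but it guards against a future loosening of the format rule.
    """
    if not digest_is_valid(digest):
        raise ValueError(f"malformed digest: {digest!r}")
    path = os.path.normpath(os.path.join(root, digest.replace(":", "-")))
    if os.path.commonpath([os.path.normpath(root), path]) != os.path.normpath(root):
        raise ValueError("blob path escapes root")
    return path


# Constructed inputs for the demo: a well-formed digest and a traversal payload.
GOOD_DIGEST = "sha256:" + "ab" * 32
EVIL_DIGEST = "sha256:../../../../../etc/ld.so.preload"


def demo():
    """Return what each path builder does with the evil digest, plus the good case."""
    results = {"unsafe": blob_path_unsafe(BLOB_ROOT, EVIL_DIGEST)}
    try:
        blob_path_safe(BLOB_ROOT, EVIL_DIGEST)
        results["safe"] = "accepted"
    except ValueError as exc:
        results["safe"] = f"rejected: {exc}"
    results["good"] = blob_path_safe(BLOB_ROOT, GOOD_DIGEST)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe builder resolves the evil digest to /etc/ld.so.preload, which is exactly the file a root-running container process must never let a remote caller write; the safe builder never gets that far because the format check fails first.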
[Legal]
Operation First Light
International law enforcement dismantled online scam networks in 61 countries, arresting over 3,900 suspects and seizing $257 million. Operation First Light targeted phishing, investment fraud, fake online shopping sites, romance scams, and impersonation scams, identifying 14,600 additional suspects and freezing 6,745 bank accounts.
Resources
Bleeping Computer: New regreSSHion OpenSSH RCE bug gives root on Linux servers
The Record: TeamViewer says Russia’s ‘Cozy Bear’ hackers attacked corporate IT system
Bleeping Computer: Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
Bleeping Computer: Prudential Financial now says 2.5 million impacted by data breach
Bleeping Computer: Cisco warns of NX-OS zero-day exploited to deploy custom malware
The Hacker News: Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
The Record: Nearly 4,000 arrested in global police crackdown on online scam networks