Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware
Root access gives an attacker or administrator complete control of a Unix-like system, allowing changes to data, software, accounts, and security settings.
Search across headline titles and summaries.
Background for this topic.
Root access is unrestricted administrative control of a Unix or Linux system. The root account, or an equivalent privilege obtained through mechanisms such as sudo, can read or change nearly any file, alter system configuration, install software, and control running processes. Related uses of “root” may describe equivalent administrator privileges in containers, cloud workloads, network appliances, or mobile devices.
Because root privileges can bypass ordinary access controls, stolen administrative credentials or a vulnerability that enables privilege escalation can let an attacker modify security settings, access protected data, establish persistence, or disrupt the host. Organizations generally reduce exposure by disabling direct root login where practical, using named administrator accounts with least privilege, protecting privileged authentication with strong controls, and recording and reviewing elevation events. Vulnerability management should prioritize flaws that can grant local or remote root-level execution; during an incident, investigators must assess whether root access was obtained and treat the host’s integrity as potentially compromised.
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware
The high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. [...]
A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. [...]
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems