CyberSecurityBoard
Sponsor Register Login

Critical PuTTY Vulnerability Allows Secret Key Recovery

The developers of PuTTY have released an update to patch a critical vulnerability that can be exploited to recover secret keys.
PuTTY is an open source client program for SSH, Telnet, and other network protocols, enabling connections to remote servers and file transfers.
They noted that the required signatures can be obtained by a malicious server or from other sources, such as signed git commits.
PuTTY developers have provided an explanation on how a threat actor could recover a key and what they could use it for.
PuTTY versions 0.68 through 0.80 are affected, and PuTTY 0.81 fixes the vulnerability.
Several products that rely on an affected PuTTY version are vulnerable as well, including FileZilla, WinSCP, TortoiseGit and TortoiseSVN. Patches or mitigations are available for these products as well.
Affected keys must be revoked immediately, PuTTY developers urged users.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 16 Apr 2024 17:13:03 +0000


Cyber News related to Critical PuTTY Vulnerability Allows Secret Key Recovery

What to Do if You Expose a Secret: How to Stay Calm and Respond to an Incident - You probably are here because you leaked a secret somewhere and want to get straight to rotating the secret. If you are a solo developer or you know for sure you are the only user of the secret and understand what rotating the secret might disrupt, ...
1 year ago Feeds.dzone.com
Critical PuTTY Vulnerability Allows Secret Key Recovery - The developers of PuTTY have released an update to patch a critical vulnerability that can be exploited to recover secret keys. PuTTY is an open source client program for SSH, Telnet, and other network protocols, enabling connections to remote ...
1 year ago Securityweek.com
Business Data Backup and Recovery Planning - Data backup and recovery planning is essential in today's interconnected and data-driven business landscape. By understanding the significance of data backup and recovery planning, businesses can effectively protect their critical information and ...
1 year ago Securityzap.com
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising - A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising - A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
CVE-2025-26521 - When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. ...
1 month ago
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
9 months ago Aws.amazon.com
CVE-2024-50022 - In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping() pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise, vmf->address not aligned to fault_size will be aligned ...
9 months ago Tenable.com
Windows 11 24H2 Update Breaks Connection to the Veeam Backup Server - For organizations planning recovery operations with Veeam in a Windows 11 environment, creating recovery media on computers running Windows 11 builds earlier than 26100.3194 is advisable until a permanent solution is available. Veeam advises ...
4 months ago Cybersecuritynews.com
Windows 11’s New Black Screen of Death is Rolling Out for Users - Windows 11 Build 26100.4762 (KB5062660) introduces quick machine recovery functionality, which automatically detects and fixes widespread issues using the Windows Recovery Environment (WinRE). Quick machine recovery automatically fixes widespread ...
2 weeks ago Cybersecuritynews.com
Microsoft confirms May Windows 10 updates trigger BitLocker recovery - Microsoft's acknowledgment of this issue comes after many Windows users and admins have reported seeing devices unexpectedly enter the Windows Recovery Environment (WinRE) and displaying a BitLocker recovery screen after installing the KB5058379 ...
2 months ago Bleepingcomputer.com
CVE-2024-31497 - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is ...
1 year ago Tenable.com
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - In today's fast-paced business world, protecting digital identities and optimizing daily workflows are crucial. The iShield Key Pro series from Swissbit addresses these challenges by offering top-notch security combined with effortless usability. ...
1 year ago Helpnetsecurity.com
CVE-2025-29780 - Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.7.6b0 and prior, the `feldman_vss` library contains timing side-channel ...
4 months ago
GitHub expands security tools after 39 million secrets leaked in 2024 - Standalone Secret Protection and Code Security – Now available as separate products, these tools no longer require a full GitHub Advanced Security license, making them more affordable for smaller teams. GitHub announced updates to its Advanced ...
3 months ago Bleepingcomputer.com
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
4 months ago Bleepingcomputer.com
KyberSlash attacks put quantum encryption projects at risk - Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys. CRYSTALS-Kyber is the official ...
1 year ago Bleepingcomputer.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
Windows 11 Gets New Black Screen of Death With Auto Recovery Tool - Microsoft has unveiled significant improvements to Windows 11’s system recovery capabilities, introducing a redesigned Black Screen of Death restart screen alongside an automated Quick Machine Recovery (QMR) tool. These improvements complement ...
5 days ago Cybersecuritynews.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
9 months ago Securelist.com
new detectors, your favorite features, and what's coming next in GitGuardian - GitGuardian Secrets Detection More detectors = more secrets caught. Every detector has its comprehensive ID card in the public documentation, outlining the secret type, its intended usage and scope, and detailed steps for revocation. If you haven't ...
1 year ago Securityboulevard.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
1 year ago Cybersecuritynews.com
CVE-2024-53253 - Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client ...
8 months ago Tenable.com
Veeam Data Platform 23H2 update enhances resilience against ransomware - 1 release as well as Veeam ONE v12.1 and Veeam Recovery Orchestrator v7. This latest release from Veeam, with a focus on radical resilience, includes hundreds of new features and enhancements designed to not only protect enterprises' most critical ...
1 year ago Helpnetsecurity.com
Behind EB Control's Revolutionary Patented Key Management System - If you're knee-deep in the world of data security, you'd agree that the key to unlocking superior protection lies, quite literally, in the keys- the encryption keys, to be precise. When it comes to managing these critical elements to safeguard your ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)